author Seonah Moon <seonah1.moon@samsung.com> 2017-10-16 16:48:06 +0900
committer Seonah Moon <seonah1.moon@samsung.com> 2018-02-20 11:16:31 +0900
commit 7407256e98e9edb6a87e5f7dadd38fa90a022d2b
tree 69abc3aa7476f43d77fdc40b3e181db2f732833f
parent 920117f1229f955001e7a1f371af81e38da830fa
Security fix, CVE-2017-14496, Integer underflow in DNS response creation.
tags: submit/tizen/20180222.013450, accepted/tizen/unified/20180222.142138
Fix DoS in DNS.

Invalid boundary checks in the add_pseudoheader function allows a memcpy call with negative size. An attacker which can send malicious DNS queries to dnsmasq can trigger a DoS remotely. dnsmasq is vulnerable only if one of the following option is specified: --add-mac, --add-cpe-id or --add-subnet.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7

Change-Id: I4171560a179639755a115abfc381f03aa54f3bab
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
-rw-r--r-- src/rfc1035.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 26a2254..de009d0 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -564,8 +564,12 @@ static size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned
if (optno != 0)
{
+ if (p + 4 > limit)
+ return plen; /* Too big */
PUTSHORT(optno, p);
PUTSHORT(optlen, p);
+ if (p + optlen > limit)
+ return plen; /* Too big */
memcpy(p, opt, optlen);
p += optlen;
}
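Review bot: In the `if (optno != 0)` block, the second check `if (p + optlen > limit)` only runs after `PUTSHORT(optno, p); PUTSHORT(optlen, p);` have already written the 4-byte option header, so the "Too big" return hands back the old `plen` with an option code and length left in the buffer and no data behind them. Consider one check ahead of the first `PUTSHORT` that compares `4 + optlen` against the remaining space `limit - p`, so the function either writes the whole option or touches nothing. Phrasing it as a length comparison rather than `p + optlen > limit` also avoids computing a pointer past the end of the buffer when `optlen` is large. Both early returns are silent; a short comment on what the caller sees when the option is dropped would help whoever reads this next.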