diff options
author | Alexey Izbyshev <izbyshev@ispras.ru> | 2023-01-29 19:46:51 +0300 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2023-02-27 10:03:06 -0500 |
commit | 9b132e556774c744f9052581d2d8d0fab417e97c (patch) | |
tree | cbb516502c92f69bb6b01c82dbb7c30fed845c56 /src/network/res_msend.c | |
parent | fix out-of-bounds reads in __dns_parse (diff) | |
download | grovel-9b132e556774c744f9052581d2d8d0fab417e97c.tar.gz grovel-9b132e556774c744f9052581d2d8d0fab417e97c.tar.xz |
prevent CNAME/PTR parsing from reading data past the response end
DNS parsing callbacks pass the response buffer end instead of the actual
response end to dn_expand, so a malformed DNS response can use message
compression to make dn_expand jump past the response end and attempt to
parse uninitialized parts of that buffer, which might succeed and return
garbage.
Diffstat (limited to 'src/network/res_msend.c')
0 files changed, 0 insertions, 0 deletions