BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_r...
authorJérôme Magnin <jmagnin@haproxy.com>
Thu, 20 Dec 2018 15:47:31 +0000 (16:47 +0100)
committerWilly Tarreau <w@1wt.eu>
Thu, 20 Dec 2018 16:13:02 +0000 (17:13 +0100)
A regression was introduced with efbbdf72 "BUG: dns: Prevent out-of-bounds
read in dns_validate_dns_response()", as it prevented the last byte of the
payload from being taken into account. This patch aims at fixing it.

this must be backported in 1.8.

src/dns.c

index c1396f525985de4d0494dc1d28cb960d19118d84..78d8f52f2113b3dd41d93107b90bc9e4fab5fa38 100644 (file)
--- a/src/dns.c
+++ b/src/dns.c
@@ -810,7 +810,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend,
                /* Move forward 2 bytes for data len */
                reader += 2;
 
-               if (reader + dns_answer_record->data_len >= bufend) {
+               if (reader + dns_answer_record->data_len > bufend) {
                        pool_free(dns_answer_item_pool, dns_answer_record);
                        return DNS_RESP_INVALID;
                }
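Review bot: The corrected check on the `+` line still computes `reader + dns_answer_record->data_len` before comparing it with `bufend`, so for an oversized wire-supplied `data_len` the pointer is formed past one-past-the-end of the buffer before the test rejects it, which is undefined behaviour in C and may be folded away by the optimizer even though the `>` now admits exactly the final byte. Comparing the remaining length instead keeps the arithmetic within the buffer: `if (reader > bufend || dns_answer_record->data_len > (size_t)(bufend - reader)) {`. Whether the `reader += 2` just above is itself bounded by an earlier check is not visible in this hunk, hence the extra `reader > bufend` guard; drop it if that check exists. dns_validate_dns_response() both starts and ends outside the hunk.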