]> git.ipfire.org Git - thirdparty/ldns.git/commitdiff
projects / thirdparty / ldns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 70d94cf)
* bugfix #70: heap Out-of-bound Read vulnerability in
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 24 Sep 2019 14:50:27 +0000 (16:50 +0200)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 24 Sep 2019 14:50:27 +0000 (16:50 +0200)
  rr_frm_str_internal reported by pokerfacett.

Changelog patch | blob | blame | history
rr.c patch | blob | blame | history

diff --git a/Changelog b/Changelog
index 5972c261d35b30c22711dad406339ad71a811b05..8d8a1a3f0148cb1f861ea0ee5bf687ff6ca21518 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+...
+       * bugfix #70: heap Out-of-bound Read vulnerability in
+         rr_frm_str_internal reported by pokerfacett.
+
 1.7.1  2019-07-26
        * bugfix: Manage verification paths for OpenSSL >= 1.1.0
          Thanks Marco Davids
diff --git a/rr.c b/rr.c
index 6642aca775120a8bbcdffbeeb2692ac0a39477e9..adf67ae454ddc46728bc117e99cbbab9c65699cd 100644 (file)
--- a/rr.c
+++ b/rr.c
@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
                                ldns_buffer_remaining(rd_buf) > 0){
 
                        /* skip spaces */
-                       while (*(ldns_buffer_current(rd_buf)) == ' ') {
+                       while (sldns_buffer_remaining(strbuf) > 0 &&
+                               *(ldns_buffer_current(rd_buf)) == ' ') {
                                ldns_buffer_skip(rd_buf, 1);
                        }
 
-                       if (*(ldns_buffer_current(rd_buf)) == '\"') {
+                       if (sldns_buffer_remaining(strbuf) > 0 &&
+                               *(ldns_buffer_current(rd_buf)) == '\"') {
                                delimiters = "\"\0";
                                ldns_buffer_skip(rd_buf, 1);
                                quoted = true;
-                       } else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+                       }
+                       if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
                                        == LDNS_RDF_TYPE_LONG_STR) {
 
                                status = LDNS_STATUS_SYNTAX_RDATA_ERR;
Mirror of https://github.com/NLnetLabs/ldns.git