hesiod: Avoid heap overflow in get_txt_records [BZ #20031]

author Florian Weimer <fweimer@redhat.com>

Mon, 2 May 2016 14:04:32 +0000 (16:04 +0200)

committer Mike Frysinger <vapier@gentoo.org>

Sat, 12 Nov 2016 05:44:23 +0000 (00:44 -0500)
author Florian Weimer <fweimer@redhat.com>
Mon, 2 May 2016 14:04:32 +0000 (16:04 +0200)
committer Mike Frysinger <vapier@gentoo.org>
Sat, 12 Nov 2016 05:44:23 +0000 (00:44 -0500)
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c

index 5b13b3f1c443a566f62cebcc09bde4472dc87a92..98ddee39a401b2bbcd9533e2209b179b7afec9a4 100644 (file)
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -411,7 +411,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
                 cp += INT16SZ + INT32SZ;        /* skip the ttl, too */
                 rr.dlen = ns_get16(cp);
                 cp += INT16SZ;
-               if (cp + rr.dlen > eom) {
+               if (rr.dlen == 0 || cp + rr.dlen > eom) {
                         __set_errno(EMSGSIZE);
                         goto cleanup;
                 }
author	Florian Weimer <fweimer@redhat.com>
	Mon, 2 May 2016 14:04:32 +0000 (16:04 +0200)
committer	Mike Frysinger <vapier@gentoo.org>
	Sat, 12 Nov 2016 05:44:23 +0000 (00:44 -0500)