- Fix Out of Bounds Read in sldns_str2wire_dname(),

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 509b74b872db3ce89ea4c1b904f74f899e1431a9..e604158acc892505041c9c1e86567e697c9873f5 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -13,6 +13,8 @@
           reported by X41 D-Sec.
         - Fix Integer Overflow to Buffer Overflow in
           sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
+       - Fix Out of Bounds Read in sldns_str2wire_dname(),
+         reported by X41 D-Sec.
  
  18 November 2019: Wouter
         - In unbound-host use separate variable for get_option to please
diff --git a/sldns/str2wire.c b/sldns/str2wire.c

index f08f107c608bc2b6b2ef58462e344bad03727ebc..7c91bbe3da19f40c7f2ed0ea6d55da7d8ecc0601 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -172,7 +172,9 @@ uint8_t* sldns_str2wire_dname(const char* str, size_t* len)
         uint8_t dname[LDNS_MAX_DOMAINLEN+1];
         *len = sizeof(dname);
         if(sldns_str2wire_dname_buf(str, dname, len) == 0) {
-               uint8_t* r = (uint8_t*)malloc(*len);
+               uint8_t* r;
+               if(*len > sizeof(dname)) return NULL;
+               r = (uint8_t*)malloc(*len);
                 if(r) return memcpy(r, dname, *len);
         }
         *len = 0;
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 19 Nov 2019 15:46:33 +0000 (16:46 +0100)
doc/Changelog		patch \| blob \| blame \| history
sldns/str2wire.c		patch \| blob \| blame \| history