]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e4d30cb)
dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
authorMark Andrews <marka@isc.org>
Fri, 14 Aug 2020 22:50:37 +0000 (08:50 +1000)
committerOndřej Surý <ondrej@sury.org>
Tue, 18 Aug 2020 09:04:05 +0000 (11:04 +0200)
fuzz/dns_rdata_fromwire_text.c patch | blob | blame | history

diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c
index e231168f1f237054f90ec2c58093f3ab888a0d05..06e73d451b59155fc451e614dd44f4c0ea630b8a 100644 (file)
--- a/fuzz/dns_rdata_fromwire_text.c
+++ b/fuzz/dns_rdata_fromwire_text.c
@@ -95,7 +95,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        unsigned int classes = (sizeof(classlist) / sizeof(classlist[0]));
        unsigned int types = 1, flags, t;
 
-       if (size < 2) {
+       /*
+        * First 2 bytes are used to select type and class.
+        * dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
+        */
+       if (size < 2 || size > 0xffff + 2) {
                return (0);
        }
 
Mirror of https://gitlab.isc.org/isc-projects/bind9.git