- Fix Out of Bounds Write in sldns_b64_pton(),

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 5c4cb3eb10e3341b7616d75662303b45d34502d7..00e20279ff611a82a87c0555a42162cbb486a22a 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -12,6 +12,9 @@
           reported by X41 D-Sec.
         - Fix Out of Bounds Write in sldns_str2wire_str_buf(),
           reported by X41 D-Sec.
+       - Fix Out of Bounds Write in sldns_b64_pton(),
+         fixed by check in sldns_str2wire_int16_data_buf(),
+         reported by X41 D-Sec.
  
  2 December 2019: Wouter
         - Merge pull request #122 from he32: In tcp_callback_writer(),
diff --git a/sldns/str2wire.c b/sldns/str2wire.c

index eea9a38b8b8433400a021c20c3acd3aa83c93e2c..358e45345e654b2dbd0b1b5a56e5ebb9ac36ce56 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -2104,6 +2104,8 @@ int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
         char* s;
         int n;
         n = strtol(str, &s, 10);
+       if(n < 0) /* negative number not allowed */
+               return LDNS_WIREPARSE_ERR_SYNTAX;
         if(*len < ((size_t)n)+2)
                 return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
         if(n > 65535)
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 15:10:34 +0000 (16:10 +0100)
doc/Changelog		patch \| blob \| blame \| history
sldns/str2wire.c		patch \| blob \| blame \| history