- Fix Assert Causing DoS in dname_pkt_copy(),

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 67f89849d44eb4dc4c28403ee15ae648124496b3..16b6d53c14e147bfe7ceb82f3545d1994651807b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -6,6 +6,8 @@
         - Fix Assert Causing DoS in synth_cname(),
           reported by X41 D-Sec.
         - Fix similar code in auth_zone synth cname to add the extra checks.
+       - Fix Assert Causing DoS in dname_pkt_copy(),
+         reported by X41 D-Sec.
  
  2 December 2019: Wouter
         - Merge pull request #122 from he32: In tcp_callback_writer(),
diff --git a/util/data/dname.c b/util/data/dname.c

index 71e14180d524e4935e54c408afdf6dd5c83618f5..0cca0a4e684628cfabbdac09900519ef565cc79f 100644 (file)
--- a/util/data/dname.c
+++ b/util/data/dname.c
@@ -339,6 +339,10 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname)
                         lablen = *dname++;
                         continue;
                 }
+               if(lablen > LDNS_MAX_LABELLEN) {
+                       *to = 0; /* end the result prematurely */
+                       return;
+               }
                 log_assert(lablen <= LDNS_MAX_LABELLEN);
                 len += (size_t)lablen+1;
                 if(len >= LDNS_MAX_DOMAINLEN) {
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 14:20:48 +0000 (15:20 +0100)
doc/Changelog		patch \| blob \| blame \| history
util/data/dname.c		patch \| blob \| blame \| history