- Fix Out of Bounds Read in rrinternal_get_owner(),

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 54c69a8f7cb0162eec9fc765b741df32c627039a..d02d7412213e045581b1ac68afb03769d6a70ccf 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+20 November 2019: Wouter
+       - Fix Out of Bounds Read in rrinternal_get_owner(),
+         reported by X41 D-Sec.
+
  19 November 2019: Wouter
         - Fix CVE-2019-18934, shell execution in ipsecmod.
         - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
diff --git a/sldns/str2wire.c b/sldns/str2wire.c

index 7c91bbe3da19f40c7f2ed0ea6d55da7d8ecc0601..705cbc286bc5527709bcaebdd779efb45fed8fe3 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -193,6 +193,9 @@ rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len,
                         sldns_buffer_position(strbuf));
         }
  
+       if(token_len < 2) /* make sure there is space to read "@" or "" */
+               return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
+                       sldns_buffer_position(strbuf));
         if(token[0]=='@' && token[1]=='\0') {
                 uint8_t* tocopy;
                 if (origin) {
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 20 Nov 2019 07:28:12 +0000 (08:28 +0100)
doc/Changelog		patch \| blob \| blame \| history
sldns/str2wire.c		patch \| blob \| blame \| history