- Fix OOB Read in sldns_wire2str_dname_scan(),

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)
diff --git a/doc/Changelog b/doc/Changelog

index 16b6d53c14e147bfe7ceb82f3545d1994651807b..aabdcec2550202388bd72dcecb265628ae251034 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -8,6 +8,8 @@
         - Fix similar code in auth_zone synth cname to add the extra checks.
         - Fix Assert Causing DoS in dname_pkt_copy(),
           reported by X41 D-Sec.
+       - Fix OOB Read in sldns_wire2str_dname_scan(),
+         reported by X41 D-Sec.
  
  2 December 2019: Wouter
         - Merge pull request #122 from he32: In tcp_callback_writer(),
diff --git a/sldns/wire2str.c b/sldns/wire2str.c

index ddff33a283f84dc11451f202e9ae28661650dbc2..8ccc78d95532c96a1bcc66423a415ed0863b6f83 100644 (file)
--- a/sldns/wire2str.c
+++ b/sldns/wire2str.c
@@ -798,7 +798,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
                 (*dlen)--;
                 return sldns_str_print(s, slen, ".");
         }
-       while(*pos) {
+       while((!pkt || pos < pkt+pktlen) && *pos) {
                 /* read label length */
                 uint8_t labellen = *pos++;
                 if(in_buf) { (*d)++; (*dlen)--; }
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Tue, 3 Dec 2019 14:42:34 +0000 (15:42 +0100)
doc/Changelog		patch \| blob \| blame \| history
sldns/wire2str.c		patch \| blob \| blame \| history