From: Jérôme Magnin Date: Thu, 20 Dec 2018 15:47:31 +0000 (+0100) Subject: BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_r... X-Git-Tag: v2.0-dev0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d4e7dc880d2094658fead50dedd9c22c95c556a;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response() A regression was introduced with efbbdf72 BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() as it prevented from taking into account the last byte of the payload. this patch aims at fixing it. this must be backported in 1.8. --- diff --git a/src/dns.c b/src/dns.c index c1396f5259..78d8f52f21 100644 --- a/src/dns.c +++ b/src/dns.c @@ -810,7 +810,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, /* Move forward 2 bytes for data len */ reader += 2; - if (reader + dns_answer_record->data_len >= bufend) { + if (reader + dns_answer_record->data_len > bufend) { pool_free(dns_answer_item_pool, dns_answer_record); return DNS_RESP_INVALID; }
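Review bot: The relaxed comparison `if (reader + dns_answer_record->data_len > bufend)` is the right check only because `bufend` is exclusive (one past the last payload byte), which is what the commit message implies when it says the previous `>=` form rejected the last byte; a short comment on that line stating that `bufend` is exclusive and that equality means the RDATA ends exactly at the end of the payload would stop this off-by-one from being reintroduced, since efbbdf72 added it with the opposite convention. Since this hunk only corrects this one comparison, the other bounds checks that efbbdf72 introduced in dns_validate_dns_response() should be re-read for the same `>=` versus `>` mistake before backporting to 1.8, and a regression test with a response whose last record's RDATA ends exactly at the buffer end (now accepted) and one whose RDATA runs one byte past it (still rejected with DNS_RESP_INVALID) would pin the intended behaviour.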