]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6aa4694)
dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
authorMark Andrews <marka@isc.org>
Fri, 14 Aug 2020 22:50:37 +0000 (08:50 +1000)
committerOndřej Surý <ondrej@isc.org>
Tue, 18 Aug 2020 09:11:36 +0000 (11:11 +0200)
(cherry picked from commit aa811801cbfec1215f7faee77be9d0c68774914f)

fuzz/dns_rdata_fromwire_text.c patch | blob | blame | history

diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c
index 97d8a02e521ef3c1411bd512e0cfc0c522e1b447..ebf76da4289ea322f845ef615774f58742bc321f 100644 (file)
--- a/fuzz/dns_rdata_fromwire_text.c
+++ b/fuzz/dns_rdata_fromwire_text.c
@@ -82,8 +82,12 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        unsigned int classes = (sizeof(classlist) / sizeof(classlist[0]));
        unsigned int types = 1, flags, t;
 
-       if (size < 2) {
-               goto done;
+       /*
+        * First 2 bytes are used to select type and class.
+        * dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
+        */
+       if (size < 2 || size > 0xffff + 2) {
+               return (0);
        }
 
        /*
Mirror of https://gitlab.isc.org/isc-projects/bind9.git