]> git.kaiwu.me - haproxy.git/commit
projects / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: efbbdf7) | patch
BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 5 Dec 2018 16:57:49 +0000 (17:57 +0100)
committerWilly Tarreau <w@1wt.eu>
Wed, 12 Dec 2018 13:44:38 +0000 (14:44 +0100)
commitbc552102ad0ba14eaf83a93a5119f316fa6481f5
tree0bdb99270107e7588497c87facd1505dd6b6fdfetree | snapshot
parentefbbdf72992cd20458259962346044cafd9331c0commit | diff
BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()

Since the data_len field of the dns_answer_item struct was an int16_t,
record length values larger than 2^15-1 were causing an integer
overflow and thus may have been interpreted as negative, making us
read well before the beginning of the buffer.
This might have led to information disclosure or a crash.

To be backported to 1.8, probably also 1.7.
include/types/dns.h diff | blob | history
haproxy upstream