projects / musl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 12590c8) | patch
prevent CNAME/PTR parsing from reading data past the response end
authorAlexey Izbyshev <izbyshev@ispras.ru>
Sun, 29 Jan 2023 16:46:51 +0000 (19:46 +0300)
committerRich Felker <dalias@aerifal.cx>
Mon, 27 Feb 2023 15:03:06 +0000 (10:03 -0500)
commit9b132e556774c744f9052581d2d8d0fab417e97c
treecbb516502c92f69bb6b01c82dbb7c30fed845c56tree | snapshot
parent12590c8bbd04ea484cee86812e2258fbdfca0e59commit | diff
prevent CNAME/PTR parsing from reading data past the response end

DNS parsing callbacks pass the response buffer end instead of the actual
response end to dn_expand, so a malformed DNS response can use message
compression to make dn_expand jump past the response end and attempt to
parse uninitialized parts of that buffer, which might succeed and return
garbage.
src/network/dns_parse.c diff | blob | history
src/network/getnameinfo.c diff | blob | history
src/network/lookup.h diff | blob | history
src/network/lookup_name.c diff | blob | history
musl