File adns-1.4-CVE-2017-9105.patch of Package adns.15333

Overview Repositories Revisions Requests Users Attributes Meta

File adns-1.4-CVE-2017-9105.patch of Package adns.15333

From 17afb298d90c5aafed76bd3855a5fe7dcd58594c Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 1 Dec 2016 02:48:09 +0000
Subject: [PATCH 04/32] SECURITY: adns: Do not corrupt pointer when nameserver
 speaks first

Wrong number of pointer dereferences.

This bug may well be exploitable as a remote code execution.

Found by AFL 2.35b.  CVE-2017-9105.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 src/event.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: adns-1.4/src/event.c
===================================================================
--- adns-1.4.orig/src/event.c
+++ adns-1.4/src/event.c
@@ -452,7 +452,7 @@ int adns_processwriteable(adns_state ads
     assert(ads->tcprecv_skip==0);
     for (;;) {
       if (!adns__vbuf_ensure(&ads->tcprecv,1)) { r= ENOMEM; goto xit; }
-      r= read(ads->tcpsocket,&ads->tcprecv.buf,1);
+      r= read(ads->tcpsocket,ads->tcprecv.buf,1);
       if (r==0 || (r<0 && (errno==EAGAIN || errno==EWOULDBLOCK))) {
 	tcp_connected(ads,*now);
 	r= 0; goto xit;

Places

File adns-1.4-CVE-2017-9105.patch of Package adns.15333

Places