Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
adns
adns-1.5.1-CVE-2017-9104.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File adns-1.5.1-CVE-2017-9104.patch of Package adns
From 7ba7a232de0516d2cce934bdc91627b33b46ef47 Mon Sep 17 00:00:00 2001 From: Ian Jackson <ijackson@chiark.greenend.org.uk> Date: Thu, 1 Dec 2016 01:42:56 +0000 Subject: [PATCH 03/32] SECURITY: Do not hang, eating CPU, if we encounter a compression pointer loop Found by AFL 2.35b. CVE-2017-9104. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> --- src/parse.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/parse.c b/src/parse.c index 07d0614..790c8ce 100644 --- a/src/parse.c +++ b/src/parse.c @@ -71,6 +71,7 @@ adns_status adns__findlabel_next(findlabel_state *fls, int *lablen_r, int *labstart_r) { int lablen, jumpto; const char *dgram; + int had_pointer= 0; dgram= fls->dgram; for (;;) { @@ -81,6 +82,7 @@ adns_status adns__findlabel_next(findlabel_state *fls, if ((lablen & 0x0c0) != 0x0c0) return adns_s_unknownformat; if (fls->cbyte >= fls->dglen) goto x_truncated; if (fls->cbyte >= fls->max) goto x_badresponse; + if (had_pointer++ >= 2) goto x_loop; GET_B(fls->cbyte,jumpto); jumpto |= (lablen&0x3f)<<8; if (fls->dmend_r) *(fls->dmend_r)= fls->cbyte; @@ -109,6 +111,11 @@ adns_status adns__findlabel_next(findlabel_state *fls, adns__diag(fls->ads,fls->serv,fls->qu, "label in domain runs beyond end of domain"); return adns_s_invalidresponse; + + x_loop: + adns__diag(fls->ads,fls->serv,fls->qu, + "compressed label pointer chain"); + return adns_s_invalidresponse; } adns_status adns__parse_domain(adns_state ads, int serv, adns_query qu, -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor