Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
adns
adns-1.5.1-CVE-2017-9103.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File adns-1.5.1-CVE-2017-9103.patch of Package adns
From 020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2 Mon Sep 17 00:00:00 2001 From: Ian Jackson <ijackson@chiark.greenend.org.uk> Date: Wed, 23 Nov 2016 21:03:40 +0000 Subject: [PATCH 02/32] SECURITY: pap_mailbox822: Properly check st from adns__findlabel_next Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. Found by AFL 2.35b. CVE-2017-9103. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> --- src/types.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/types.c b/src/types.c index a4478fa..5e2bd14 100644 --- a/src/types.c +++ b/src/types.c @@ -1278,6 +1278,7 @@ static adns_status pap_mailbox822(const parseinfo *pai, pai->dgram, pai->dglen, max, *cbyte_io, cbyte_io); st= adns__findlabel_next(&fls,&lablen,&labstart); + if (st) return st; if (!lablen) { adns__vbuf_appendstr(vb,"."); goto x_ok; -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor