openSUSE:Step:15-SP4
File bsc1185391.2_CVE-2019-25040.1_2d444a50.patch of Package libunbound-devel-mini.24859
From 2d444a5037acff6024630b88092d9188f2f5d8fe Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Date: Tue, 3 Dec 2019 16:17:03 +0100 Subject: [PATCH] - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), reported by X41 D-Sec. --- util/data/dname.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- util/data/dname.c +++ util/data/dname.c 2022-01-17 12:49:55.864016093 +0000 @@ -339,15 +339,21 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) { /* copy over the dname and decompress it at the same time */ + size_t comprcount = 0; size_t len = 0; uint8_t lablen; lablen = *dname++; while(lablen) { if(LABEL_IS_PTR(lablen)) { + if(comprcount++ > MAX_COMPRESS_PTRS) { + /* too many compression pointers */ + *to = 0; /* end the result prematurely */ + return; + } /* follow pointer */ - if((size_t)PTR_OFFSET(lablen, *dname) - >= sldns_buffer_limit(pkt)) - return; + if((size_t)PTR_OFFSET(lablen, *dname) + >= sldns_buffer_limit(pkt)) + return; dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; continue;
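Review bot: in the `LABEL_IS_PTR` branch of `dname_pkt_copy()`, only the new pointer-count path terminates the output. It writes `*to = 0;` before returning, while the bounds check directly below it (`if((size_t)PTR_OFFSET(lablen, *dname) >= sldns_buffer_limit(pkt)) return;`) still returns without ending the result, so on an out-of-range pointer `to` is left as an unterminated partial name. Suggest writing `*to = 0;` before that `return;` as well, so both early exits leave the buffer in the same state. A smaller point on the same branch: `comprcount++ > MAX_COMPRESS_PTRS` compares the value before the increment, so MAX_COMPRESS_PTRS + 1 pointers are followed before the cut-off; use `>=` if the constant is meant to be the maximum. Since the function returns void, neither exit lets a caller distinguish a truncated name from a complete one, which deserves a sentence in the function's comment.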