Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
ldns.24859
bsc_1195057.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc_1195057.patch of Package ldns.24859
commit 15d96206996bea969fbc918eb0a4a346f514b9f3 Author: Wouter Wijngaards <wouter@nlnetlabs.nl> Date: Tue Sep 24 16:50:27 2019 +0200 * bugfix #70: heap Out-of-bound Read vulnerability in rr_frm_str_internal reported by pokerfacett. commit 4e9861576a600a5ecfa16ec2de853c90dd9ce276 Author: Wouter Wijngaards <wouter@nlnetlabs.nl> Date: Tue Sep 24 16:51:09 2019 +0200 Fix #70 fix code. Index: ldns-1.7.0/rr.c =================================================================== --- ldns-1.7.0.orig/rr.c +++ ldns-1.7.0/rr.c @@ -360,15 +360,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **n ldns_buffer_remaining(rd_buf) > 0){ /* skip spaces */ - while (*(ldns_buffer_current(rd_buf)) == ' ') { + while (ldns_buffer_remaining(rd_buf) > 0 && + *(ldns_buffer_current(rd_buf)) == ' ') { ldns_buffer_skip(rd_buf, 1); } - if (*(ldns_buffer_current(rd_buf)) == '\"') { + if (ldns_buffer_remaining(rd_buf) > 0 && + *(ldns_buffer_current(rd_buf)) == '\"') { delimiters = "\"\0"; ldns_buffer_skip(rd_buf, 1); quoted = true; - } else if (ldns_rr_descriptor_field_type(desc, r_cnt) + } + if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt) == LDNS_RDF_TYPE_LONG_STR) { status = LDNS_STATUS_SYNTAX_RDATA_ERR;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor