diff options
| author | Alexey Izbyshev <izbyshev@ispras.ru> | 2023-01-29 19:46:51 +0300 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2023-02-27 10:03:06 -0500 |
| commit | 9b132e556774c744f9052581d2d8d0fab417e97c (patch) | |
| tree | cbb516502c92f69bb6b01c82dbb7c30fed845c56 /src/network/lookup.h | |
| parent | 12590c8bbd04ea484cee86812e2258fbdfca0e59 (diff) | |
| download | musl-9b132e556774c744f9052581d2d8d0fab417e97c.tar.gz musl-9b132e556774c744f9052581d2d8d0fab417e97c.tar.xz musl-9b132e556774c744f9052581d2d8d0fab417e97c.zip | |
prevent CNAME/PTR parsing from reading data past the response end
DNS parsing callbacks pass the response buffer end instead of the actual response end to dn_expand, so a malformed DNS response can use message compression to make dn_expand jump past the response end and attempt to parse uninitialized parts of that buffer, which might succeed and return garbage.
Diffstat (limited to 'src/network/lookup.h')
| -rw-r--r-- | src/network/lookup.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/network/lookup.h b/src/network/lookup.h index ef662725..54b2f8b5 100644 --- a/src/network/lookup.h +++ b/src/network/lookup.h @@ -50,6 +50,6 @@ hidden int __lookup_ipliteral(struct address buf[static 1], const char *name, in hidden int __get_resolv_conf(struct resolvconf *, char *, size_t); hidden int __res_msend_rc(int, const unsigned char *const *, const int *, unsigned char *const *, int *, int, const struct resolvconf *); -hidden int __dns_parse(const unsigned char *, int, int (*)(void *, int, const void *, int, const void *), void *); +hidden int __dns_parse(const unsigned char *, int, int (*)(void *, int, const void *, int, const void *, int), void *); #endif |