authormillert <>2023-03-15 22:12:00 +0000
committermillert <>2023-03-15 22:12:00 +0000
commitcbba06334e8e30c875ee85d95ae413f06de0e4ad (patch)
tree7325fefa36d036b0d5387eb1f88911daf6f6dd5e /src/lib
parent76806942103810c65379e71cf627f5490fe4674b (diff)
Fix a number of out of bound reads in DNS response parsing.
Originally from djm@. OK deraadt@ florian@ bluhm@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libc/net/res_comp.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libc/net/res_comp.c b/src/lib/libc/net/res_comp.c
index 7ccd44ad8d..ce9f92ae77 100644
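--- a/src/lib/libc/net/res_comp.c
+++ b/src/lib/libc/net/res_comp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: res_comp.c,v 1.22 2022/12/27 17:10:06 jmc Exp $ */
+/* $OpenBSD: res_comp.c,v 1.23 2023/03/15 22:12:00 millert Exp $ */
 
 /*
  * ++Copyright++ 1985, 1993
@@ -82,6 +82,9 @@ dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn,
  char *eom;
  int len = -1, checked = 0;
 
+ if (comp_dn < msg || comp_dn >= eomorig)
+ return (-1);
+
  dn = exp_dn;
  cp = comp_dn;
  if (length > HOST_NAME_MAX)
@@ -91,6 +94,9 @@ dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn,
  * fetch next label in domain name
  */
  while ((n = *cp++)) {
+ if (cp >= eomorig) /* out of range */
+ return (-1);
+
  /*
  * Check for indirection
  */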