michaelh/zephyr
1
0
Fork 0
Code Releases Activity

net: dns: Check DNS answer properly

Browse source 
The dns_unpack_answer() did not check the length of the message
properly which can cause out of bounds read.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This commit is contained in:
Jukka Rissanen 2024-11-26 17:48:43 +02:00 committed by Benjamin Cabé
commit 6e7fcff579
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
subsys/net/lib/dns/dns_pack.c
View file

@ -134,7 +134,7 @@ int dns_unpack_answer(struct dns_msg_t *dns_msg, int dname_ptr, uint32_t *ttl,
*
* See RFC-1035 4.1.3. Resource record format
*/
rem_size = dns_msg->msg_size - dname_len;
rem_size = dns_msg->msg_size - dns_msg->answer_offset - dname_len;
if (rem_size < 2 + 2 + 4 + 2) {
return -EINVAL;
}