File bsc_1195057.patch of Package ldns
commit 15d96206996bea969fbc918eb0a4a346f514b9f3
Author: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue Sep 24 16:50:27 2019 +0200
* bugfix #70: heap out-of-bounds read vulnerability in
rr_frm_str_internal reported by pokerfacett.
commit 4e9861576a600a5ecfa16ec2de853c90dd9ce276
Author: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue Sep 24 16:51:09 2019 +0200
Fix #70 fix code.
Index: ldns-1.7.0/rr.c
===================================================================
--- ldns-1.7.0.orig/rr.c
+++ ldns-1.7.0/rr.c
@@ -360,15 +360,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **n
ldns_buffer_remaining(rd_buf) > 0){
/* skip spaces */
- while (*(ldns_buffer_current(rd_buf)) == ' ') {
+ while (ldns_buffer_remaining(rd_buf) > 0 &&
+ *(ldns_buffer_current(rd_buf)) == ' ') {
ldns_buffer_skip(rd_buf, 1);
}
- if (*(ldns_buffer_current(rd_buf)) == '\"') {
+ if (ldns_buffer_remaining(rd_buf) > 0 &&
+ *(ldns_buffer_current(rd_buf)) == '\"') {
delimiters = "\"\0";
ldns_buffer_skip(rd_buf, 1);
quoted = true;
- } else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+ }
+ if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
== LDNS_RDF_TYPE_LONG_STR) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
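Review bot: The rewritten `if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)` test now depends on `quoted` being false when this point of the loop is reached, and that reset is not visible in the hunk. The old `else if` ran the LONG_STR check whenever the current byte was not a quote, whatever `quoted` held; if an earlier field can leave `quoted` set, an unquoted long string would now bypass the `LDNS_STATUS_SYNTAX_RDATA_ERR` path. With the new `ldns_buffer_remaining(rd_buf) > 0` guard on the quote test, keeping `} else if (ldns_rr_descriptor_field_type(desc, r_cnt)` gives the same result for an exhausted buffer without relying on that state. The loop body and ldns_rr_new_frm_str_internal continue outside the hunk, so where `quoted` is cleared should be confirmed there.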