Overview

File bsc_1195057.patch of Package ldns

commit 15d96206996bea969fbc918eb0a4a346f514b9f3
Author: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date:   Tue Sep 24 16:50:27 2019 +0200

    * bugfix #70: heap Out-of-bound Read vulnerability in
      rr_frm_str_internal reported by pokerfacett.

commit 4e9861576a600a5ecfa16ec2de853c90dd9ce276
Author: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date:   Tue Sep 24 16:51:09 2019 +0200

    Fix #70 fix code.


Index: ldns-1.7.0/rr.c
===================================================================
--- ldns-1.7.0.orig/rr.c
+++ ldns-1.7.0/rr.c
@@ -360,15 +360,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **n
 				ldns_buffer_remaining(rd_buf) > 0){
 
 			/* skip spaces */
-			while (*(ldns_buffer_current(rd_buf)) == ' ') {
+			while (ldns_buffer_remaining(rd_buf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == ' ') {
 				ldns_buffer_skip(rd_buf, 1);
 			}
 
-			if (*(ldns_buffer_current(rd_buf)) == '\"') {
+			if (ldns_buffer_remaining(rd_buf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == '\"') {
 				delimiters = "\"\0";
 				ldns_buffer_skip(rd_buf, 1);
 				quoted = true;
-			} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+			}
+			if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
 					== LDNS_RDF_TYPE_LONG_STR) {
 
 				status = LDNS_STATUS_SYNTAX_RDATA_ERR;
openSUSE Build Service is sponsored by
Places