Skip to content
Permalink
Browse files Browse the repository at this point in the history
* bugfix #70: heap Out-of-bound Read vulnerability in
  rr_frm_str_internal reported by pokerfacett.
  • Loading branch information
wcawijngaards committed Sep 24, 2019
1 parent 70d94cf commit 15d9620
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
4 changes: 4 additions & 0 deletions Changelog
@@ -1,3 +1,7 @@
...
* bugfix #70: heap Out-of-bound Read vulnerability in
rr_frm_str_internal reported by pokerfacett.

1.7.1 2019-07-26
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
Thanks Marco Davids
Expand Down
9 changes: 6 additions & 3 deletions rr.c
Expand Up @@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
ldns_buffer_remaining(rd_buf) > 0){

/* skip spaces */
while (*(ldns_buffer_current(rd_buf)) == ' ') {
while (sldns_buffer_remaining(strbuf) > 0 &&
*(ldns_buffer_current(rd_buf)) == ' ') {
ldns_buffer_skip(rd_buf, 1);
}

if (*(ldns_buffer_current(rd_buf)) == '\"') {
if (sldns_buffer_remaining(strbuf) > 0 &&
*(ldns_buffer_current(rd_buf)) == '\"') {
delimiters = "\"\0";
ldns_buffer_skip(rd_buf, 1);
quoted = true;
} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
}
if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
== LDNS_RDF_TYPE_LONG_STR) {

status = LDNS_STATUS_SYNTAX_RDATA_ERR;
Expand Down

0 comments on commit 15d9620

Please sign in to comment.