Stack-based Buffer Overflow in the dname_concatenate() function #20
While fuzzing nsd-checkzone with American Fuzzy Lop, I found a Stack-based Buffer Overflow in the dname_concatenate() function, in dname.c L464.
Attaching a reproducer (gzipped so GitHub accepts it); the issue can be reproduced by running:
nsd-checkzone all.rr zone02
Address 0x7ffcd6a9763f is located in stack of thread T0 at offset 287 in frame
This frame has 1 object(s):
Thank you for the detailed report! That is very useful; the check on the max length of the concatenation was missing here. The commit adds it.
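The class of check discussed in this thread, as an added example that is not NSD's code and does not use NSD's data structures: two wire-format names that are each valid can still exceed the limit once joined, so the combined length is tested before any byte is copied into the fixed-size buffer. The names `wire_name_len`, `name_concat` and `make_name` are hypothetical; the 255-octet name limit and 63-octet label limit come from RFC 1035.

```c
#include <stdint.h>
#include <string.h>

#define MAX_NAME_LEN 255 /* RFC 1035 limit on a wire-format name, in octets */
/* Length of a wire-format name including its root label; 0 if malformed. */
size_t wire_name_len(const uint8_t *name, size_t cap)
{
    size_t off = 0;
    while (off < cap && off < MAX_NAME_LEN) {
        if (name[off] == 0)
            return off + 1;
        if (name[off] > 63) /* labels are at most 63 octets */
            return 0;
        off += (size_t)name[off] + 1;
    }
    return 0;
}

/* Join left (minus its root label) and right into out; 0 means rejected. */
size_t name_concat(uint8_t out[MAX_NAME_LEN], const uint8_t *left, size_t lcap,
                   const uint8_t *right, size_t rcap)
{
    size_t l = wire_name_len(left, lcap), r = wire_name_len(right, rcap);
    if (l == 0 || r == 0)
        return 0;
    if (l - 1 + r > MAX_NAME_LEN) /* length check before any byte is copied */
        return 0;
    memcpy(out, left, l - 1);
    memcpy(out + (l - 1), right, r);
    return l - 1 + r;
}

/* Constructed sample input: `labels` labels of `len` 'a' octets, then root. */
size_t make_name(uint8_t *buf, size_t labels, uint8_t len)
{
    size_t off = 0;
    for (size_t i = 0; i < labels; i++, off += len) {
        buf[off++] = len;
        memset(buf + off, 'a', len);
    }
    buf[off] = 0;
    return off + 1;
}

int main(void)
{
    uint8_t a[MAX_NAME_LEN], b[MAX_NAME_LEN], out[MAX_NAME_LEN];
    size_t al = make_name(a, 3, 63), bl = make_name(b, 1, 62);
    return name_concat(out, a, al, b, bl) != 0; /* 192 + 64 = 256: rejected */
}
```

The program exits with status 0 when the oversized concatenation is rejected.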