Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: buffer overflow bug #532

Merged
merged 1 commit into from Feb 2, 2022
Merged

Conversation

Shchelk
Copy link
Contributor

@Shchelk Shchelk commented Aug 20, 2021

Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as 2nd parameter to function 'rrinternal_parse_rdata' at str2wire.c:775, where it is accessed by unacceptable index. This may lead to buffer overflow.

on-behalf-of: @ideco-team github@ideco.ru

Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to
function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as 2nd
parameter to function 'rrinternal_parse_rdata' at str2wire.c:775, where
it is accessed by unacceptable index. This may lead to buffer overflow.

on-behalf-of: @ideco-team <github@ideco.ru>
gthess added a commit that referenced this pull request Feb 2, 2022
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
@gthess gthess merged commit d81e1c9 into NLnetLabs:master Feb 2, 2022
@gthess
Copy link
Member

gthess commented Feb 2, 2022

Thanks for the fix! This could result to buffer overflow when reading HIP records from string.

jedisct1 added a commit to jedisct1/unbound that referenced this pull request Feb 11, 2022
* nlnet/master: (33 commits)
  - Fix NLnetLabs#618: enabling interface-automatic disables DNS-over-TLS.   Adds the option to list interface-automatic-ports.
  - Fix NLnetLabs#624: Unable to stop Unbound in Windows console (does not   respond to CTRL+C command).
  Release 1.15.0 on 10 feb 2022. The repository continues with version 1.15.1. And Changelog note.
  Note 1.15.0rc1 tag creation in Changelog. - Tag for 1.15.0rc1 created.
  - Fix that TCP interface does not use TLS when TLS is also configured.
  - Fix NLnetLabs#412: cache invalidation issue with CNAME+A.
  - Fix for NLnetLabs#611: Integer overflow in sldns_wire2str_pkt_scan.
  - Update contrib/aaaa-filter-iterator.patch with diff for current   software version.
  - Fix docker splint test to use more portable uname.
  - please clang analyzer for loop in test code.
  - Changelog entry clarification.
  - Fix header comment for doxygen for authextstrtoaddr.
  - Update version number in repo to 1.15.0 for upcoming release,   since it changes the aggressive-nsec default and the ratelimit change.
  - Update stream_ssl.tdir test to also use the new forward-host notation.
  - Merge PR NLnetLabs#617: Update stub/forward-host notation to accept port and   tls-auth-name.
  Don't accidentaly introduce a troff macro
  - Change aggressive-nsec default to yes.
  Changelog entry for NLnetLabs#616 - Merge PR NLnetLabs#616: Update ratelimit logic. It also introduces   ratelimit-backoff and ip-ratelimit-backoff configuration options.
  Changelog entry for NLnetLabs#532 - Merge PR NLnetLabs#532 from Shchelk: Fix: buffer overflow bug.
  Changelog note for NLnetLabs#603: - Merge PR NLnetLabs#603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA   internals.
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants