Permalink
Browse files

dns: fix out of bounds read

On a zero size A or AAAA record, 4 or 16 bytes would still be
read.

Found with AFL+ASAN.
  • Loading branch information...
inliniac committed Feb 9, 2017
1 parent 4a04f81 commit 20990f7a7eb7939946a275dfc9a95426b0080a19
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/app-layer-dns-common.c
@@ -858,7 +858,7 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_
DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
data, 4, ntohs(dns_header->tx_id));
data, datalen, ntohs(dns_header->tx_id));
} else {
SCLogDebug("invalid length for A response data: %u", ntohs(head->len));
goto bad_data;
@@ -876,7 +876,7 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_
DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
data, 16, ntohs(dns_header->tx_id));
data, datalen, ntohs(dns_header->tx_id));
} else {
SCLogDebug("invalid length for AAAA response data: %u", ntohs(head->len));
goto bad_data;

0 comments on commit 20990f7

Please sign in to comment.