dnsdist-1.8.x: YaHTTP: Prevent integer overflow on very large chunks #13127

rgacogne · 2023-08-14T14:31:32Z

Backport of #12892 to rel/dnsdist-1.8.x

If the chunk_size is very close to the maximum value of an integer, we trigger an integer overflow when checking if we have a trailing newline after the payload.
Reported by OSS-Fuzz as:
https://oss-fuzz.com/testcase-detail/6439610474692608 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804

(cherry picked from commit b602982)

I have:

If the chunk_size is very close to the maximum value of an integer, we trigger an integer overflow when checking if we have a trailing newline after the payload. Reported by OSS-Fuzz as: https://oss-fuzz.com/testcase-detail/6439610474692608 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804 (cherry picked from commit b602982)

rgacogne added defect dnsdist labels Aug 14, 2023

rgacogne added this to the dnsdist-1.8.x milestone Aug 14, 2023

omoerbeek approved these changes Aug 23, 2023

View reviewed changes

rgacogne merged commit a362f5d into PowerDNS:rel/dnsdist-1.8.x Aug 23, 2023

rgacogne deleted the ddist18-yahttp-fuzz-overflow branch August 23, 2023 11:49

Provide feedback