ares: Prevent buffer overflow in ares_parse_a_reply (CVE-2017-9454)
This buffer overflow is in the embedded copy of ares that will be
used unless the external alternative c-ares is used by specifying
the configure argument --with-c-ares.

It has been found with LibFuzzer from the LLVM project.
gjasny committed Jun 26, 2017
1 parent bbc4c39 commit d67a9ca
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions rutil/dns/ares/ares_parse_a_reply.c
Expand Up @@ -103,6 +103,12 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
rr_class = DNS_RR_CLASS(aptr);
rr_len = DNS_RR_LEN(aptr);
aptr += RRFIXEDSZ;
if (aptr + rr_len > abuf + alen)
{
free(rr_name);
status = ARES_EBADRESP;
break;
}

if (rr_class == C_IN && rr_type == T_A
&& rr_len == sizeof(struct in_addr)
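Review bot: The bound in `if (aptr + rr_len > abuf + alen)` is tested by first forming the pointer `aptr + rr_len`, which for an oversized `rr_len` already lies beyond the end of the reply buffer. Computing a pointer past one-past-the-end is undefined behaviour in C, so a compiler is allowed to assume it never happens. Comparing lengths instead, for example `if (rr_len > (abuf + alen) - aptr)`, states the same limit without out-of-range pointer arithmetic. Either form is only sound if `aptr` is still inside the buffer after `aptr += RRFIXEDSZ`. The check that guarantees this is outside the visible context, so please confirm it exists above this hunk. The commit message says the overflow was found by fuzzing, but the change touches a single file with no test, so adding the triggering reply as a regression input would keep the `ARES_EBADRESP` path covered.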