aboutsummaryrefslogtreecommitdiffstats
path: root/toolchain
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>2017-08-29 14:29:18 +0100
committerHans Dedecker <dedeckeh@gmail.com>2017-08-30 21:12:49 +0200
commita006b48c04543947e1e924972a9026824bdc3d29 (patch)
tree74f39b374475232702ee2f9e4c866ac12d5252cc /toolchain
parentdc8392f6a1ca1ec50306af390576d4a19e9a9290 (diff)
downloadupstream-a006b48c04543947e1e924972a9026824bdc3d29.tar.gz
upstream-a006b48c04543947e1e924972a9026824bdc3d29.tar.bz2
upstream-a006b48c04543947e1e924972a9026824bdc3d29.zip
dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'toolchain')
0 files changed, 0 insertions, 0 deletions