path: root/main/c-ares/CVE-2017-1000381.patch
Diffstat (limited to 'main/c-ares/CVE-2017-1000381.patch')
-rw-r--r--main/c-ares/CVE-2017-1000381.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/main/c-ares/CVE-2017-1000381.patch b/main/c-ares/CVE-2017-1000381.patch
new file mode 100644
index 0000000000..dadd132d8d
--- /dev/null
+++ b/main/c-ares/CVE-2017-1000381.patch
@@ -0,0 +1,37 @@
+From e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 Mon Sep 17 00:00:00 2001
+From: David Drysdale <drysdale@google.com>
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+---
+ ares_parse_naptr_reply.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ares_parse_naptr_reply.c b/ares_parse_naptr_reply.c
+index 11634df9847c..717d35577811 100644
+--- a/ares_parse_naptr_reply.c
++++ b/ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
+ status = ARES_EBADRESP;
+ break;
+ }
++ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++ if (rr_len < 7)
++ {
++ status = ARES_EBADRESP;
++ break;
++ }
+
+ /* Check if we are really looking at a NAPTR record */
+ if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
+
+ return ARES_SUCCESS;
+ }
+-
+--
+2.13.0.303.g4ebf302169-goog
+
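Review bot: The added `rr_len < 7` guard in the ares_parse_naptr_reply.c hunk sits before the `rr_class == C_IN && rr_type == T_NAPTR` test, so it appears to apply to every record in the answer rather than only to NAPTR records. A non-NAPTR record in the same answer (for example a CNAME whose RDATA is a short compressed name) can legitimately be shorter than 7 bytes and would then fail the whole parse with ARES_EBADRESP. Consider moving the check to the top of the NAPTR branch, and wording its comment as `/* NAPTR RDATA needs at least 7 bytes: 2 x int16 + 3 x string length byte */` so it matches the commit message. The loop body and the NAPTR branch continue outside the hunk, so whether the later field reads are bounded separately cannot be confirmed from here.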