c-ares/SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch

31 lines
860 B
Diff

From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 1 Sep 2023 20:00:12 +0200
Subject: [PATCH] avoid read-heap-buffer-overflow (#332)
Fix invalid read in ares_parse_soa_reply.c found during fuzzing
Fixes Bug: #333
Fix By: lutianxiong (@ltx2018)
---
ares_parse_soa_reply.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
index 35af0a7..5924bbc 100644
--- a/ares_parse_soa_reply.c
+++ b/ares_parse_soa_reply.c
@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
if (status != ARES_SUCCESS)
goto failed_stat;
+
+ if (alen <= len + HFIXEDSZ + 1)
+ goto failed;
aptr += len;
/* skip qtype & qclass */
--
2.38.1