Fix memory corruption in ldns_str2rdf_long_str (#1511046)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
This commit is contained in:
Petr Menšík 2017-11-09 17:47:33 +01:00
parent 34b80520a8
commit 6197b6bb16
2 changed files with 36 additions and 1 deletions

30
ldns-1.7.0-realloc.patch Normal file
View File

@ -0,0 +1,30 @@
From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 27 Apr 2017 00:25:20 +0200
Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size
Thanks Stephan Zeisberg
---
str2host.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/str2host.c b/str2host.c
index b274b17..f2a317b 100644
--- a/str2host.c
+++ b/str2host.c
@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
if (! str) {
return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
}
- length = (size_t)(dp - data);
-
+ if (!(length = (size_t)(dp - data))) {
+ LDNS_FREE(data);
+ return LDNS_STATUS_SYNTAX_EMPTY;
+ }
/* Lose the overmeasure */
data = LDNS_XREALLOC(dp = data, uint8_t, length);
if (! data) {
--
2.9.5

View File

@ -26,13 +26,14 @@
Summary: Low-level DNS(SEC) library with API
Name: ldns
Version: 1.7.0
Release: 9%{?dist}
Release: 10%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Patch1: ldns-1.7.0-multilib.patch
Patch2: ldns-1.7.0-parse-limit.patch
Patch3: ldns-1.7.0-realloc.patch
Group: System Environment/Libraries
# Only needed for builds from svn snapshot
@ -116,6 +117,7 @@ This package contains documentation for the ldns library
%setup -q
%patch1 -p1
%patch2 -p1 -b .limit
%patch3 -p1 -b .realloc
# To built svn snapshots
# rm config.guess config.sub ltmain.sh
# aclocal
@ -274,6 +276,9 @@ rm -rf %{buildroot}
%doc doc
%changelog
* Thu Nov 09 2017 Petr Menšík <pemensik@redhat.com> - 1.7.0-10
- Fix memory corruption in ldns_str2rdf_long_str (#1511046)
* Thu Nov 09 2017 Petr Menšík <pemensik@redhat.com> - 1.7.0-9
- Fix memory corruption in ldns_rr_new_frm_fp_l (#1511046)