luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-12 15:36:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

gthreadedresolver: Check header length when parsing response

Browse Source 
Otherwise we could read off the end of an invalid response.

oss-fuzz#42538
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
Philip Withnall 2022-03-18 15:49:33 +00:00
parent 5cdacced3f
commit 263ca69da8
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
gio/gthreadedresolver.c
View File

@ -667,6 +667,7 @@ g_resolver_records_from_res_query (const gchar *rrname,
const HEADER *header;
GList *records;
GVariant *record;
gsize len_unsigned;
if (len <= 0)
{
@ -689,11 +690,23 @@ g_resolver_records_from_res_query (const gchar *rrname,
return NULL;
}
/* We know len ≥ 0 now. */
len_unsigned = (gsize) len;
if (len_unsigned < sizeof (HEADER))
{
g_set_error (error, G_RESOLVER_ERROR, G_RESOLVER_ERROR_INTERNAL,
/* Translators: the first placeholder is a domain name, the
* second is an error message */
_("Error resolving “%s”: %s"), rrname, _("Malformed DNS packet"));
return NULL;
}
records = NULL;
header = (HEADER *)answer;
p = answer + sizeof (HEADER);
end = answer + len;
end = answer + len_unsigned;
/* Skip query */
count = ntohs (header->qdcount);