BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()

A regression was introduced with efbbdf72 BUG: dns: Prevent out-of-bounds
read in dns_validate_dns_response() as it prevented from taking into account
the last byte of the payload.  this patch aims at fixing it.

this must be backported in 1.8.
This commit is contained in:
Jrme Magnin 2018-12-20 16:47:31 +01:00 committed by Willy Tarreau
parent 645b33d233
commit 8d4e7dc880

View File

@ -810,7 +810,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend,
/* Move forward 2 bytes for data len */
reader += 2;
if (reader + dns_answer_record->data_len >= bufend) {
if (reader + dns_answer_record->data_len > bufend) {
pool_free(dns_answer_item_pool, dns_answer_record);
return DNS_RESP_INVALID;
}