mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-22 20:32:12 +00:00
BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
A regression was introduced with efbbdf72
BUG: dns: Prevent out-of-bounds
read in dns_validate_dns_response() as it prevented from taking into account
the last byte of the payload. this patch aims at fixing it.
this must be backported in 1.8.
This commit is contained in:
parent
645b33d233
commit
8d4e7dc880
@ -810,7 +810,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend,
|
||||
/* Move forward 2 bytes for data len */
|
||||
reader += 2;
|
||||
|
||||
if (reader + dns_answer_record->data_len >= bufend) {
|
||||
if (reader + dns_answer_record->data_len > bufend) {
|
||||
pool_free(dns_answer_item_pool, dns_answer_record);
|
||||
return DNS_RESP_INVALID;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user