From 8d4e7dc880d2094658fead50dedd9c22c95c556a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Magnin?= Date: Thu, 20 Dec 2018 16:47:31 +0100 Subject: [PATCH] BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response() A regression was introduced with efbbdf72 BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() as it prevented from taking into account the last byte of the payload. this patch aims at fixing it. this must be backported in 1.8. --- src/dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dns.c b/src/dns.c index c1396f525..78d8f52f2 100644 --- a/src/dns.c +++ b/src/dns.c @@ -810,7 +810,7 @@ static int dns_validate_dns_response(unsigned char *resp, unsigned char *bufend, /* Move forward 2 bytes for data len */ reader += 2; - if (reader + dns_answer_record->data_len >= bufend) { + if (reader + dns_answer_record->data_len > bufend) { pool_free(dns_answer_item_pool, dns_answer_record); return DNS_RESP_INVALID; }