This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH COMMITTED] hesiod: Avoid heap overflow in get_txt_records [BZ #20031]
- From: fweimer at redhat dot com (Florian Weimer)
- To: libc-alpha at sourceware dot org
- Date: Mon, 02 May 2016 16:08:31 +0200
- Subject: [PATCH COMMITTED] hesiod: Avoid heap overflow in get_txt_records [BZ #20031]
- Authentication-results: sourceware.org; auth=none
2016-05-02 Florian Weimer <fweimer@redhat.com>
[BZ #20031]
* hesiod/hesiod.c (get_txt_records): Return error if TXT record is
completely empty.
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 6ecbad1..c2925a0 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -398,7 +398,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
cp += INT16SZ + INT32SZ; /* skip the ttl, too */
rr.dlen = ns_get16(cp);
cp += INT16SZ;
- if (cp + rr.dlen > eom) {
+ if (rr.dlen == 0 || cp + rr.dlen > eom) {
__set_errno(EMSGSIZE);
goto cleanup;
}
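Review bot: The added `rr.dlen == 0` condition in the `if` after `cp += INT16SZ;` has no comment saying why an empty record is rejected, and nothing in this hunk shows the code that depends on it. A short comment above the `if` that names the heap overflow from BZ #20031 would keep the test from being removed as redundant in a later cleanup. Two smaller points on the same line: the empty-record case reuses `EMSGSIZE`, so a caller cannot tell it apart from a truncated message, which is worth stating in the ChangeLog or comment if intended; and the retained `cp + rr.dlen > eom` forms the pointer before it is validated, whereas `rr.dlen > eom - cp` expresses the same bound without computing a pointer past the end of the message.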