system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-04 15:09:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibDNS: Prevent malformed DNS packets from causing buffer overflows

Browse source
This commit is contained in:
Tim Ledbetter 2023-11-02 20:11:39 +00:00 committed by Andreas Kling
parent 4e3b59a4bb
commit 2fbaeb9694
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Userland/Libraries/LibDNS/Packet.cpp
View file

@ -128,6 +128,9 @@ Optional<Packet> Packet::from_raw_packet(ReadonlyBytes bytes)
NetworkOrdered<u16> record_type;
NetworkOrdered<u16> class_code;
};
if (offset >= bytes.size() || bytes.size() - offset < sizeof(RawDNSAnswerQuestion))
return {};
auto const& record_and_class = *bit_cast<RawDNSAnswerQuestion const*>(bytes.offset_pointer(offset));
u16 class_code = record_and_class.class_code & ~MDNS_WANTS_UNICAST_RESPONSE;
bool mdns_wants_unicast_response = record_and_class.class_code & MDNS_WANTS_UNICAST_RESPONSE;
@ -139,8 +142,13 @@ Optional<Packet> Packet::from_raw_packet(ReadonlyBytes bytes)
for (u16 i = 0; i < header.answer_count(); ++i) {
auto name = Name::parse(bytes, offset);
if (offset >= bytes.size() || bytes.size() - offset < sizeof(DNSRecordWithoutName))
return {};
auto const& record = *bit_cast<DNSRecordWithoutName const*>(bytes.offset_pointer(offset));
offset += sizeof(DNSRecordWithoutName);
if (record.data_length() > bytes.size() - offset)
return {};
DeprecatedString data;