代码拉取完成,页面将自动刷新
From 1c85901cc4c0f7693183f4b280604619e56cba00 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Wed, 16 Aug 2023 16:58:49 +0200
Subject: [PATCH] - Fix out of bounds read in parse_edns_options_from_query, it
would read 8 bytes after a client option of length 8, and then ignore them
to recreate a 24 byte response. The fixup does not read out of bounds,
and puts zeroes in the buffer at that point, that then are ignored.
---
util/data/msgparse.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index 40189d613..b5414c6d0 100644
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -1049,7 +1049,12 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
/* Copy client cookie, version and timestamp for
* validation and creation purposes.
*/
- memmove(server_cookie, rdata_ptr, 16);
+ if(opt_len >= 16) {
+ memmove(server_cookie, rdata_ptr, 16);
+ } else {
+ memset(server_cookie, 0, 16);
+ memmove(server_cookie, rdata_ptr, opt_len);
+ }
/* In the "if, if else" block below, we validate a
* RFC9018 cookie. If it doesn't match the recipe, or
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手