diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2019-10-03 13:32:28 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2019-10-03 13:32:28 +0000 |
| commit | 8779d1dd0992f62d8d2f0c76f4f799b6cae22216 (patch) | |
| tree | 35c14948b09992ee4da2755d7b1f59f97e35907c /sbin | |
| parent | 0f29beb0a871a44a14e8e9fae542393446358011 (diff) | |
Fix CVE-2019-16866
---
Recent versions of Unbound contain a problem that may cause Unbound to
crash after receiving a specially crafted query. This issue can only be
triggered by queries received from addresses allowed by Unbound's ACL.
---
tested by benno, tb
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/unwind/libunbound/util/data/msgparse.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/unwind/libunbound/util/data/msgparse.c b/sbin/unwind/libunbound/util/data/msgparse.c index 13cad8a2663..fb312370366 100644 --- a/sbin/unwind/libunbound/util/data/msgparse.c +++ b/sbin/unwind/libunbound/util/data/msgparse.c @@ -1061,18 +1061,18 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns, size_t rdata_len; uint8_t* rdata_ptr; log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); + memset(edns, 0, sizeof(*edns)); if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 || LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+ ((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt))))) - return 0; + return LDNS_RCODE_FORMERR; } /* check edns section is present */ if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { return LDNS_RCODE_FORMERR; } if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) { - memset(edns, 0, sizeof(*edns)); edns->udp_size = 512; return 0; } |