summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorFlorian Obser <florian@cvs.openbsd.org>2019-10-03 13:32:28 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2019-10-03 13:32:28 +0000
commit8779d1dd0992f62d8d2f0c76f4f799b6cae22216 (patch)
tree35c14948b09992ee4da2755d7b1f59f97e35907c /usr.sbin
parent0f29beb0a871a44a14e8e9fae542393446358011 (diff)
Fix CVE-2019-16866
--- Recent versions of Unbound contain a problem that may cause Unbound to crash after receiving a specially crafted query. This issue can only be triggered by queries received from addresses allowed by Unbound's ACL. --- tested by benno, tb
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/unbound/util/data/msgparse.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/unbound/util/data/msgparse.c b/usr.sbin/unbound/util/data/msgparse.c
index 13cad8a2663..fb312370366 100644
--- a/usr.sbin/unbound/util/data/msgparse.c
+++ b/usr.sbin/unbound/util/data/msgparse.c
@@ -1061,18 +1061,18 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns,
size_t rdata_len;
uint8_t* rdata_ptr;
log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1);
+ memset(edns, 0, sizeof(*edns));
if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 ||
LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) {
if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+
((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt)))))
- return 0;
+ return LDNS_RCODE_FORMERR;
}
/* check edns section is present */
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) {
return LDNS_RCODE_FORMERR;
}
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) {
- memset(edns, 0, sizeof(*edns));
edns->udp_size = 512;
return 0;
}