Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/dnsmasq-2.77-underflow.patch -- From 77c7cabbeab1fbe1f7296f33762771f208586e59 Mon Sep 17 00:00:00 2001 From: Doran Moppert Date: Tue, 26 Sep 2017 14:48:20 +0930 Subject: [PATCH] google patch hand-applied --- src/edns0.c | 10 +++++----- src/forward.c | 4 ++++ src/rfc1035.c | 3 +++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/edns0.c b/src/edns0.c index 7bd26b8..7f96414 100644 --- a/src/edns0.c +++ b/src/edns0.c @@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l /* Copy back any options */ if (buff) { - if (p + rdlen > limit) - { - free(buff); - return plen; /* Too big */ - } + if (p + rdlen > limit) + { + free(buff); + return plen; /* Too big */ + } memcpy(p, buff, rdlen); free(buff); p += rdlen; diff --git a/src/forward.c b/src/forward.c index 3d638e4..e254e35 100644 --- a/src/forward.c +++ b/src/forward.c @@ -1558,6 +1558,10 @@ void receive_query(struct listener *listen, time_t now) udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ } + // Make sure the udp size is not smaller than the incoming message so that we + // do not underflow + if (udp_size < n) udp_size = n; + #ifdef HAVE_CONNTRACK #ifdef HAVE_AUTH if (!auth_dns || local_auth) diff --git a/src/rfc1035.c b/src/rfc1035.c index 6fc4f26..66fa00c 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1396,6 +1396,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, size_t len; int rd_bit = (header->hb3 & HB3_RD); + // Make sure we do not underflow here too. + if (qlen > (limit - ((char *)header))) return 0; + /* never answer queries with RD unset, to avoid cache snooping. */ if (ntohs(header->ancount) != 0 || ntohs(header->nscount) != 0 || -- 2.31.1