Bug 403 - heap overflow in ldns_rr_new_frm_str_internal
Status: RESOLVED FIXED
Product: ldns
Classification: Unclassified
Component: library
Version: 1.6.x
Hardware: Other Linux
Importance: P5 major
Assigned To: LDNS dev team
Depends on:
Blocks:
Reported: 2011-08-24 18:50 CEST by dkeeler
Modified: 2011-08-24 23:29 CEST



Attachments
proposed patch (1.55 KB, patch)
2011-08-24 18:50 CEST, dkeeler

Description dkeeler 2011-08-24 18:50:07 CEST
Created attachment 180
proposed patch

In ldns_rr_new_frm_str_internal, when parsing rr data that uses the "\#" notation, there can be a heap overflow when there is more data present than indicated by the number after the "\#". For example, if the data part looked like "\# 1 0000", there would be an overflow, because the tokenizer grabs all of the "0000" and puts it in a buffer only large enough for "00".
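The length check this report calls for, as an added example that is not part of the original report and is not ldns code or the attached patch. The function name `parse_generic_rdata` and the sample inputs are assumptions made for illustration; the buffer is sized from the number after "\#", and any hex data beyond that length is rejected instead of being written.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper, not an ldns function. Parses "\# <len> <hex...>" into a
 * malloc'd buffer of exactly <len> octets; NULL if data and length disagree. */
uint8_t *parse_generic_rdata(const char *s, size_t *out_len)
{
    char *end;
    uint8_t *buf;
    unsigned long declared;
    size_t n = 0;   /* octets written so far */
    int hi = -1;    /* pending high nibble, -1 if none */
    if (strncmp(s, "\\# ", 3) != 0 || !isdigit((unsigned char)s[3])) return NULL;
    declared = strtoul(s + 3, &end, 10);
    if (declared > 65535) return NULL;              /* RDLENGTH is 16 bits */
    if (*end && !isspace((unsigned char)*end)) return NULL;
    buf = malloc(declared ? declared : 1);          /* sized by the declared length */
    if (!buf) return NULL;
    for (s = end; *s; s++) {
        int c = (unsigned char)*s, v;
        if (isspace(c)) continue;
        if (!isxdigit(c)) goto fail;
        v = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        if (hi < 0) { hi = v; continue; }
        /* Without this check, "\# 1 0000" stores a second octet past buf. */
        if (n >= declared) goto fail;
        buf[n++] = (uint8_t)((hi << 4) | v);
        hi = -1;
    }
    if (hi >= 0 || n != declared) goto fail;        /* odd digit count or short data */
    *out_len = n;
    return buf;
fail:
    free(buf);
    return NULL;
}

int main(void)
{
    const char *in[] = { "\\# 1 00", "\\# 1 0000" };  /* second is the report's example */
    for (int i = 0; i < 2; i++) {
        size_t len;
        uint8_t *r = parse_generic_rdata(in[i], &len);
        printf("%-10s -> %s\n", in[i], r ? "accepted" : "rejected");
        free(r);
    }
}
```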
Comment 1 Willem Toorop 2011-08-24 22:07:31 CEST
You are right! Thanks for the fix.
Patch applied in trunk.
Looking forward to your coming fixes :)
Willem
Comment 2 dkeeler 2011-08-24 23:29:31 CEST
(In reply to comment #1)
> You are right! Thanks for the fix.
> Patch applied in trunk.
> Looking forward to your coming fixes :)
> Willem

Thanks for the quick responses :)