- Fix Out of Bounds Write in sldns_b64_pton(),

fixed by check in sldns_str2wire_int16_data_buf(), reported by X41 D-Sec.
2024-09-21 22:57:08 +00:00 · 2019-12-03 16:10:34 +01:00 · 2019-12-03 16:10:34 +01:00 · c99438c6a1
commit c99438c6a1
parent 3f3cadd416
2 changed files with 5 additions and 0 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -12,6 +12,9 @@
 	  reported by X41 D-Sec.
 	- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
 	  reported by X41 D-Sec.
+	- Fix Out of Bounds Write in sldns_b64_pton(),
+	  fixed by check in sldns_str2wire_int16_data_buf(),
+	  reported by X41 D-Sec.

 2 December 2019: Wouter
 	- Merge pull request #122 from he32: In tcp_callback_writer(),
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@ -2104,6 +2104,8 @@ int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
 	char* s;
 	int n;
 	n = strtol(str, &s, 10);
+	if(n < 0) /* negative number not allowed */
+		return LDNS_WIREPARSE_ERR_SYNTAX;
 	if(*len < ((size_t)n)+2)
 		return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
 	if(n > 65535)