Denial of Service Vulnerability" brad (MAINTAINER) came up with the same diff ok ajacoutot@ sthen@
$OpenBSD: patch-lib_rfc1035_c,v 1.1 2010/02/03 06:41:17 jasper Exp $
Security fix for CVE-2010-0308, "Squid DNS Packet Processing
Denial of Service Vulnerability"
Patch from upstream svn, changeset 12597.
--- lib/rfc1035.c.orig Tue Feb 2 14:50:56 2010
+++ lib/rfc1035.c Tue Feb 2 14:51:24 2010
@@ -286,7 +286,9 @@ rfc1035NameUnpack(const char *buf, size_t sz, int *off
size_t len;
assert(ns > 0);
do {
- assert((*off) < sz);
+ if ((*off) >= sz) {
+ return 1;
+ }
c = *(buf + (*off));
if (c > 191) {
/* blasted compression */
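Review bot: The new `if ((*off) >= sz)` branch returns a bare `1` with no comment, so nothing in the hunk tells a reader that this is the error path for a name that runs past the end of the received buffer. Suggest a one-line comment above the check saying that `*off` is driven by packet contents and that the old `assert((*off) < sz)` let a malformed packet abort the process, and confirm that every caller of rfc1035NameUnpack treats a nonzero return as a parse failure rather than ignoring it. The `assert(ns > 0)` left in place just above is only safe if `ns` is never derived from packet data; if that is the case, a short comment saying so would keep it from being mistaken for the same class of bug.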