Skip to content
Commit bd77dd7e authored by Florian Weimer's avatar Florian Weimer
Browse files

CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode

Without passing alt_dns_packet_buffer, __res_context_search can only
store 2048 bytes (what fits into dns_packet_buffer).  However,
the function returns the total packet size, and the subsequent
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
of the stack-allocated buffer.

Fixes commit f282cdbe ("resolv: Implement no-aaaa
stub resolver option") and bug 30842.
parent c8fa383f
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment