diff options
| author | Brian Fukano <bfukano@gmail.com> | 2024-04-24 11:47:51 -0700 |
|---|---|---|
| committer | Denis Kenzior <denkenz@gmail.com> | 2024-05-07 16:09:59 -0500 |
| commit | 8173d708c316e8c05276d251c221a097737d57b5 (patch) | |
| tree | dc223a4c68ba300906fb32f6f91b043bd89ab5c0 | |
| parent | 16044e9fcad813f0a3576540448137803a19bffd (diff) | |
| download | connman-master.tar.gz | |
static analysis tools are much happier when untrusted data sources are
not used in computations. In particular, the preferred form for
boundary checking is to compute the bounds using trusted sources and
compare to the length obtained in the untrusted source.
| -rw-r--r-- | src/dnsproxy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/dnsproxy.c b/src/dnsproxy.c index 840f75e45..f28a5d755 100644 --- a/src/dnsproxy.c +++ b/src/dnsproxy.c @@ -1877,7 +1877,7 @@ static const char* uncompress(int16_t field_count, const char *start, const char } else if (dns_type == DNS_TYPE_A || dns_type == DNS_TYPE_AAAA) { dlen = uptr[-2] << 8 | uptr[-1]; - if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) { + if (dlen > (end - ptr) || dlen > (uncomp_end - uptr)) { debug("data len %d too long", dlen); return NULL; } |