0009328: add_record: buffer overflow

ID	Project	Category	View Status	Date Submitted	Last Update

0009328	GNUnet	util library	public	2024-11-04 17:20	2024-11-14 09:43

Reporter	fefe	Assigned To	Christian Grothoff
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	fixed
Target Version	0.23.0	Fixed in Version	0.23.0

Summary	0009328: add_record: buffer overflow
Description	1297 ret = GNUNET_DNSPARSER_builder_add_name (dst, 1298 dst_len 1299 - sizeof( 1300 struct GNUNET_TUN_DnsRecordLine), 1301 off, 1302 record->name); dst_len could come in < sizeof(struct GNUNET_TUN_DnsRecordLine) and cause underflow and a buffer overflow here. 1343 default: 1344 if (pos + record->data.raw.data_len > dst_len) data_len is a size_t. This addition can overflow, defeating the check.
Tags	No tags attached.

Date Modified	Username	Field	Change
2024-11-04 17:20	fefe	New Issue
2024-11-10 10:46	schanzen	Target Version	=> 0.22.3
2024-11-11 08:07	Christian Grothoff	Changeset attached	=> gnunet master 27d34010
2024-11-11 08:07	Christian Grothoff	Note Added: 0023687
2024-11-11 08:07	Christian Grothoff	Assigned To	=> Christian Grothoff
2024-11-11 08:07	Christian Grothoff	Status	new => resolved
2024-11-11 08:07	Christian Grothoff	Resolution	open => fixed
2024-11-11 08:07	Christian Grothoff	Fixed in Version	=> 0.23.0
2024-11-11 08:07	Christian Grothoff	Note Added: 0023688
2024-11-14 09:43	schanzen	Target Version	0.22.3 => 0.23.0

Christian Grothoff 2024-11-11 08:07 manager ~0023687	Fix committed to master branch.

Christian Grothoff 2024-11-11 08:07 manager ~0023688	Fixed in c273d8d03..27d340103

gnunet: master 27d34010 2024-11-11 09:07 Christian Grothoff Details Diff	fix 0009328		Affected Issues 0009328
	mod - src/lib/util/dnsparser.c		Diff File