path: root/src/network/dns_parse.c
Age | Commit message | Author | Lines
2023-02-27 | prevent CNAME/PTR parsing from reading data past the response end | Alexey Izbyshev | -2/+2
DNS parsing callbacks pass the response buffer end instead of the actual response end to dn_expand, so a malformed DNS response can use message compression to make dn_expand jump past the response end and attempt to parse uninitialized parts of that buffer, which might succeed and return garbage.
2023-02-27 | fix out-of-bounds reads in __dns_parse | Alexey Izbyshev | -3/+3
There are several issues with range checks in this function:

* The question section parsing loop can read up to two out-of-bounds bytes before doing the range check and bailing out.
* The answer section parsing loop, in addition to the same issue as above, uses the wrong length in the range check that doesn't prevent OOB reads when computing len later.
* The len range check before calling the callback is off by 10. Also, p+len can overflow in a (probably theoretical) case when p is within 2^16 from UINTPTR_MAX.

Because __dns_parse is used only with stack-allocated buffers, such small overreads can't result in a segfault. The first two also don't affect the function result, but the last one may result in getaddrinfo incorrectly succeeding and returning up to 10 bytes past the response buffer as a part of the IP address, and in (canon) name returned by getaddrinfo/getnameinfo being affected by memory past the response buffer (because dn_expand might interpret it as a pointer).
2018-09-12 | move and deduplicate declarations of __dns_parse to make it checkable | Rich Felker | -0/+1
the source file for this function is completely standalone, but it doesn't seem worth adding a header just for it, so declare it in lookup.h for now.
2014-06-03 | fix some validation checks in dns response parsing code | Rich Felker | -2/+3
since the buffer passed always has an actual size of 512 bytes, the maximum possible response packet size, no out-of-bounds access was possible; however, reading past the end of the valid portion of the packet could cause the parser to attempt to process junk as answer content.
2014-06-02 | switch standard resolver functions to use the new dns backend | Rich Felker | -0/+31
this is the third phase of the "resolver overhaul" project. this commit removes all of the old dns code, and switches the __lookup_name backend (used by getaddrinfo, etc.) and the getnameinfo function to use the newly implemented __res_mkquery and __res_msend interfaces. for parsing the results, a new callback-based __dns_parse function, based on __dns_get_rr from the old dns code, is used.