From 0302fcbf7e41fdbcf55f70cc040e3e55f448c06c Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 5 Jan 2016 13:39:44 -0800 Subject: [PATCH] [master] check addrlen/scopelen fit within family address length --- lib/dns/message.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/dns/message.c b/lib/dns/message.c index 68c86871cc..bb1a7946df 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -3260,11 +3260,15 @@ render_ecs(isc_buffer_t *ecsbuf, isc_buffer_t *target) { for (i = 0; i < addrbytes; i ++) addr[i] = isc_buffer_getuint8(ecsbuf); - if (family == 1) + if (family == 1) { + if (addrlen > 32 || scopelen > 32) + return (DNS_R_OPTERR); inet_ntop(AF_INET, addr, addr_text, sizeof(addr_text)); - else if (family == 2) + } else if (family == 2) { + if (addrlen > 128 || scopelen > 128) + return (DNS_R_OPTERR); inet_ntop(AF_INET6, addr, addr_text, sizeof(addr_text)); - else { + } else { snprintf(addr_text, sizeof(addr_text), "Unsupported family %u", family); ADD_STRING(target, addr_text);