mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-05 00:55:24 +00:00

Fix a stack buffer overflow in the statistics channel

A long timestamp in an If-Modified-Since header could overflow a
fixed-size buffer.
Tony Finch
2023-06-06 18:06:43 +01:00
committed by Ondřej Surý
parent bafb3f97c2
commit b22c87ca61
2 changed files with 40 additions and 1 deletions


@@ -451,7 +451,9 @@ process_request(isc_httpd_t *httpd, size_t last_len) {
if (value_match(header, "deflate")) {
httpd->flags |= ACCEPT_DEFLATE;
}
} else if (name_match(header, "If-Modified-Since")) {
} else if (name_match(header, "If-Modified-Since") &&
header->value_len < ISC_FORMATHTTPTIMESTAMP_SIZE)
{
char timestamp[ISC_FORMATHTTPTIMESTAMP_SIZE + 1];
memmove(timestamp, header->value, header->value_len);
timestamp[header->value_len] = 0;
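Review bot: The new length guard in the `else if` condition is linked to the `timestamp` array only by repeating `ISC_FORMATHTTPTIMESTAMP_SIZE`, so a later change to the declaration could drift from the check without any compiler complaint. Because the test sits in the branch condition, an over-long `If-Modified-Since` value also falls through to whatever branches follow in the chain rather than being consumed here. Leaving `} else if (name_match(header, "If-Modified-Since")) {` as it was and wrapping the copy in `if (header->value_len < sizeof(timestamp)) {` after the declaration would tie the bound to the buffer itself and keep the header matched by name. A short comment such as `/* Ignore values too long to fit the timestamp buffer. */` would record that the silent skip is intentional. The rest of this branch and of `process_request` lie outside the hunk, so whether later branches exist cannot be confirmed from here.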