Fix OOB read in DNS resolver

The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.

The fix ensures that the length of send_vc return does not exceed the
buffer size.

Bug: 161362564
Test: atest pass on HWAddressSanitizer build.
Merged-In: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
(cherry picked from commit cf6ee247113426ef4e7365a86d00bb5430186802)
(cherry picked from commit 5214c6bebaadfe307579ee930fc650235b157192)
3 files changed
tree: 609d5dc9d969c0c0db80d68d9613aa4ed3701fca
  1. .editorconfig
  2. Android.bp
  3. Dns64Configuration.cpp
  4. Dns64Configuration.h
  5. DnsProxyListener.cpp
  6. DnsProxyListener.h
  7. DnsQueryLog.cpp
  8. DnsQueryLog.h
  9. DnsQueryLogTest.cpp
  10. DnsResolver.cpp
  11. DnsResolver.h
  12. DnsResolverService.cpp
  13. DnsResolverService.h
  14. DnsStats.cpp
  15. DnsStats.h
  16. DnsStatsTest.cpp
  17. DnsTlsDispatcher.cpp
  18. DnsTlsDispatcher.h
  19. DnsTlsQueryMap.cpp
  20. DnsTlsQueryMap.h
  21. DnsTlsServer.cpp
  22. DnsTlsServer.h
  23. DnsTlsSessionCache.cpp
  24. DnsTlsSessionCache.h
  25. DnsTlsSocket.cpp
  26. DnsTlsSocket.h
  27. DnsTlsSocketFactory.h
  28. DnsTlsTransport.cpp
  29. DnsTlsTransport.h
  30. Experiments.cpp
  31. Experiments.h
  32. ExperimentsTest.cpp
  33. IDnsTlsSocket.h
  34. IDnsTlsSocketFactory.h
  35. IDnsTlsSocketObserver.h
  36. LockedQueue.h
  37. NOTICE
  38. OWNERS
  39. PREUPLOAD.cfg
  40. PrivateDnsConfiguration.cpp
  41. PrivateDnsConfiguration.h
  42. README-DoT.md
  43. README.md
  44. ResolverController.cpp
  45. ResolverController.h
  46. ResolverEventReporter.cpp
  47. ResolverEventReporter.h
  48. ResolverStats.h
  49. TEST_MAPPING
  50. aidl_api/
  51. apex/
  52. binder/
  53. getaddrinfo.cpp
  54. getaddrinfo.h
  55. gethnamaddr.cpp
  56. gethnamaddr.h
  57. hostent.h
  58. include/
  59. libnetd_resolv.map.txt
  60. params.h
  61. res_cache.cpp
  62. res_comp.cpp
  63. res_comp.h
  64. res_debug.cpp
  65. res_debug.h
  66. res_init.cpp
  67. res_init.h
  68. res_mkquery.cpp
  69. res_query.cpp
  70. res_send.cpp
  71. res_send.h
  72. res_stats.cpp
  73. resolv_cache.h
  74. resolv_cache_unit_test.cpp
  75. resolv_callback_unit_test.cpp
  76. resolv_private.h
  77. resolv_test_config_template.xml
  78. resolv_tls_unit_test.cpp
  79. resolv_unit_test.cpp
  80. sethostent.cpp
  81. stats.h
  82. stats.proto
  83. tests/
  84. util.cpp
  85. util.h
README.md

Logging

This code uses LOG(X) for logging. Log levels are VERBOSE,DEBUG,INFO,WARNING and ERROR. The default setting is WARNING and logs relate to WARNING and ERROR will be shown. If you want to enable the DEBUG level logs, using following command. adb shell service call dnsresolver 10 i32 1 VERBOSE 0 DEBUG 1 INFO 2 WARNING 3 ERROR 4 Verbose resolver logs could contain PII -- do NOT enable in production builds.