tag | 1fcbd228a525bd8a611d39ffff5b91c4a57b611d | |
---|---|---|
tagger | The Android Open Source Project <initial-contribution@android.com> | Tue Jan 04 19:08:58 2022 -0800 |
object | 8c222de999772641d22e0b8b466f63a724ed875b |
Android security 11.0.0 release 51
commit | 8c222de999772641d22e0b8b466f63a724ed875b | |
---|---|---|
author | Ken Chen <cken@google.com> | Thu Jul 30 13:24:16 2020 +0800 |
committer | Anis Assi <anisassi@google.com> | Tue Sep 15 20:44:37 2020 -0700 |
tree | 609d5dc9d969c0c0db80d68d9613aa4ed3701fca | |
parent | c966227cf118eabc30901ab89bfa24cc2fbe346a | |
Fix OOB read in DNS resolver

The remote server specifies resplen, the length of the response it intends to send. anssiz represents the size of the destination buffer. If the reported resplen is larger than the anssiz, the code correctly only reads up to anssiz bytes, but returns resplen, so later functions will access far out of bounds. The fix ensures that the length of send_vc return does not exceed the buffer size.

Bug: 161362564
Test: atest pass on HWAddressSanitizer build.
Merged-In: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
(cherry picked from commit cf6ee247113426ef4e7365a86d00bb5430186802)
(cherry picked from commit 5214c6bebaadfe307579ee930fc650235b157192)
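The length handling described in the commit message, reduced to a self-contained C model. This is an added example, not the resolver's code: apart from `resplen` and `anssiz`, every name, the in-memory stream and the 512-byte buffer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the TCP stream: 2-byte big-endian length
 * prefix (the server-declared resplen) followed by the payload. */
struct stream { const uint8_t *data; size_t len, pos; };

static size_t stream_read(struct stream *s, uint8_t *dst, size_t n) {
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;
    if (dst) memcpy(dst, s->data + s->pos, n);   /* dst == NULL: discard */
    s->pos += n;
    return n;
}

/* Returns the length the caller will treat as valid in ans, or -1.
 * clamp == 0 models the pre-fix behaviour from the commit message:
 * copy at most anssiz bytes but report resplen. clamp == 1 models the fix. */
static int recv_vc(struct stream *s, uint8_t *ans, size_t anssiz, int clamp) {
    uint8_t hdr[2];
    if (stream_read(s, hdr, 2) != 2) return -1;
    size_t resplen = ((size_t)hdr[0] << 8) | hdr[1];  /* chosen by the server */
    size_t len = resplen > anssiz ? anssiz : resplen; /* what actually fits */
    if (stream_read(s, ans, len) != len) return -1;
    stream_read(s, NULL, resplen - len);              /* drain the excess */
    return (int)(clamp ? len : resplen);
}

/* Invariant every consumer of the returned length depends on. */
static int length_is_safe(int n, size_t anssiz) {
    return n >= 0 && (size_t)n <= anssiz;
}

/* Constructed response of `resplen` bytes (<= 1024) read into a 512-byte buffer. */
static int demo(size_t resplen, int clamp) {
    uint8_t wire[2 + 1024], ans[512];
    if (resplen > 1024) return -1;
    wire[0] = (uint8_t)(resplen >> 8); wire[1] = (uint8_t)(resplen & 0xff);
    memset(wire + 2, 0xAB, resplen);
    struct stream s = { wire, 2 + resplen, 0 };
    return recv_vc(&s, ans, sizeof ans, clamp);
}

int main(void) {
    printf("pre-fix=%d fixed=%d\n", demo(600, 0), demo(600, 1));
    return 0;
}
```

An assertion equivalent to `length_is_safe` at the point where the answer length is first consumed makes this class of mismatch fail fast instead of depending on a sanitizer build to notice it.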
This code uses LOG(X) for logging. Log levels are VERBOSE, DEBUG, INFO, WARNING and ERROR. The default setting is WARNING, so only logs related to WARNING and ERROR are shown. To enable DEBUG-level logs, use the following command:

    adb shell service call dnsresolver 10 i32 1

    VERBOSE 0
    DEBUG   1
    INFO    2
    WARNING 3
    ERROR   4

Verbose resolver logs could contain PII -- do NOT enable in production builds.