Google Git
Sign in
android / platform / system / netd / 11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb
commit11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb[log] [tgz]
authorKen Chen <cken@google.com>Thu Jul 30 13:24:16 2020 +0800
committerKen Chen <cken@google.com>Mon Aug 10 17:52:40 2020 +0800
tree6554f734f67e38d50dcea6617813df465cb6e121
parent3f47223fe92ef6bf7307cf151e2b98b9602e89ce [diff]
Fix OOB read in DNS resolver

The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.

The fix ensures that the length of send_vc return does not exceed the
buffer size.

(Manually backport commit from ag/12280247, since it's different git
project on qt-dev. Use aosp/1302595 as Merged-In tag to avoid conflict)

Bug: 161362564
Test: atest pass
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Merged-In: I1ff2dc09f41f76973c5f066b07b15388e722b375
2 files changed
tree: 6554f734f67e38d50dcea6617813df465cb6e121
  1. apex/
  2. bpf_progs/
  3. client/
  4. include/
  5. libnetdbpf/
  6. libnetdutils/
  7. netutils_wrappers/
  8. resolv/
  9. server/
  10. tests/
  11. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  12. .editorconfig
  13. Android.bp
  14. MODULE_LICENSE_APACHE2
  15. NOTICE
  16. OWNERS
  17. PREUPLOAD.cfg
  18. TEST_MAPPING