Google Git
Sign in
android / platform / system / netd / a6aa18923ed8d11ae592ed1a9cda44d049d84426
commita6aa18923ed8d11ae592ed1a9cda44d049d84426[log] [tgz]
authorKen Chen <cken@google.com>Thu Jul 30 13:24:16 2020 +0800
committerAnis Assi <anisassi@google.com>Thu Sep 10 13:51:28 2020 -0700
tree12caded4333342d66dcd2c8fadfb6d8173c49946
parente27bf9edf55a77172ab26b2b494cbdf19b545268 [diff]
Fix OOB read in DNS resolver

The remote server specifies resplen, the length of the response it
intends to send. anssiz represents the size of the destination buffer.
If the reported resplen is larger than the anssiz, the code correctly
only reads up to anssiz bytes, but returns resplen. so later functions
will access far out of bounds.

The fix ensures that the length of send_vc return does not exceed the
buffer size.

(Manually backport commit from ag/12280247, since it's different git
project on qt-dev. Use aosp/1302595 as Merged-In tag to avoid conflict)

Bug: 161362564
Test: atest pass
Change-Id: Id4b5df1be4652e4623847b0b0bad0af65b80fdd5
Merged-In: I1ff2dc09f41f76973c5f066b07b15388e722b375
(cherry picked from commit 11ad8ac8e1f6b3c7f50ca45b5de2f40e30f35cfb)
2 files changed
tree: 12caded4333342d66dcd2c8fadfb6d8173c49946
  1. apex/
  2. bpf_progs/
  3. client/
  4. include/
  5. libnetdbpf/
  6. libnetdutils/
  7. netutils_wrappers/
  8. resolv/
  9. server/
  10. tests/
  11. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  12. .editorconfig
  13. Android.bp
  14. MODULE_LICENSE_APACHE2
  15. NOTICE
  16. OWNERS
  17. PREUPLOAD.cfg
  18. TEST_MAPPING