diff options
author | Ken Chen <cken@google.com> | 2020-08-30 06:02:02 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-08-30 06:02:02 +0000 |
commit | be4e18d619edcc8f09534a4ec84428cf23b09a13 (patch) | |
tree | 3b2683ba5691ba3c45cb2e12421650638f0584f9 | |
parent | 7b11b0332e2c2778a91e4b0c7a366f74ec648f95 (diff) | |
parent | cf6b3ecd4d9036e8b84489549441c86d1576a796 (diff) | |
download | bionic-android11-mainline-networkstack-release.tar.gz |
Fix OOB read in DNS resolver am: 43264bc365 am: c5ea7569a8 am: 2c2546b158 am: cf6b3ecd4dandroid-mainline-11.0.0_r44android-mainline-11.0.0_r43android-mainline-11.0.0_r42android-mainline-11.0.0_r41android-mainline-11.0.0_r40android-mainline-11.0.0_r39android-mainline-11.0.0_r38android-mainline-11.0.0_r37android-mainline-11.0.0_r36android-mainline-11.0.0_r35android-mainline-11.0.0_r34android-mainline-11.0.0_r32android-mainline-11.0.0_r31android-mainline-11.0.0_r30android-mainline-11.0.0_r28android-mainline-11.0.0_r27android-mainline-11.0.0_r26android-mainline-11.0.0_r25android-mainline-11.0.0_r24android-mainline-11.0.0_r23android-mainline-11.0.0_r22android-mainline-11.0.0_r21android-mainline-11.0.0_r20android-mainline-11.0.0_r18android-mainline-11.0.0_r17android-mainline-11.0.0_r16android-mainline-11.0.0_r15android-mainline-11.0.0_r14android-mainline-11.0.0_r13android-mainline-11.0.0_r12android11-mainline-tethering-releaseandroid11-mainline-permission-releaseandroid11-mainline-os-statsd-releaseandroid11-mainline-networkstack-releaseandroid11-mainline-media-swcodec-releaseandroid11-mainline-media-releaseandroid11-mainline-extservices-releaseandroid11-mainline-documentsui-releaseandroid11-mainline-conscrypt-releaseandroid11-mainline-cellbroadcast-releaseandroid11-mainline-captiveportallogin-release
Original change: https://googleplex-android-review.googlesource.com/c/platform/bionic/+/12329970
Change-Id: I0a108632f55b67081192710ce9dbf347d580e35d
-rw-r--r-- | libc/dns/resolv/res_send.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libc/dns/resolv/res_send.c b/libc/dns/resolv/res_send.c index a645a6b4a..fa81e6dc5 100644 --- a/libc/dns/resolv/res_send.c +++ b/libc/dns/resolv/res_send.c @@ -948,6 +948,8 @@ send_vc(res_state statp, struct __res_params* params, else break; } + // return size should never exceed container size + resplen = anssiz; } /* * If the calling applicating has bailed out of @@ -960,7 +962,7 @@ send_vc(res_state statp, struct __res_params* params, DprintQ((statp->options & RES_DEBUG) || (statp->pfcode & RES_PRF_REPLY), (stdout, ";; old answer (unexpected):\n"), - ans, (resplen > anssiz) ? anssiz: resplen); + ans, resplen); goto read_len; } |