projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a7e1640) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Thu, 27 Jul 2023 20:01:32 +0000 (21:01 +0100)
committerDmitry Shachnev <mitya57@debian.org>
Thu, 27 Jul 2023 20:01:32 +0000 (21:01 +0100)
commit58ec38da05f4698924bc10b546767a8ec5c978dd
treedab1b3f029271549aea572674675be54965850c0tree | snapshot
parenta7e1640bdb2fa38f751a1c96fcce6174bb314f4ecommit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.