projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e7a3957) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Tue, 21 May 2024 07:53:43 +0000 (10:53 +0300)
committerDmitry Shachnev <mitya57@debian.org>
Tue, 21 May 2024 07:53:43 +0000 (10:53 +0300)
commit6ce34a9d903d1fe36037492d0c62f0a568d04ccc
treeaef28dfd85222f4a754980e4916cb5d962d347fftree | snapshot
parente7a3957ed4ef7438052254085c8a52d669bf1ccfcommit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.