projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: adfd5f4) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)
committerSteve Langasek <vorlon@debian.org>
Sun, 3 Mar 2024 09:03:16 +0000 (09:03 +0000)
commit9ed2ef0b8d5d793276cde8363b452cbb20365c7b
tree196830e19451b2be7cc27262301c5d707aea3e04tree | snapshot
parentadfd5f4059a1234ec5eb55d8a0246b3923d073abcommit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.