projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f7b788) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Sat, 13 Jan 2024 16:53:52 +0000 (19:53 +0300)
committerDmitry Shachnev <mitya57@debian.org>
Sat, 13 Jan 2024 16:53:52 +0000 (19:53 +0300)
commita7b1852b25f7d0279ab885757ba9804f65b14b18
tree0a6c504671ae246d4f439439e15e055ca6f3f79atree | snapshot
parent0f7b788c0aa147a871d52827a4b11f096c7e4c71commit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.