projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e29c929) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Thu, 25 May 2023 10:45:05 +0000 (11:45 +0100)
committerDmitry Shachnev <mitya57@debian.org>
Thu, 25 May 2023 10:45:05 +0000 (11:45 +0100)
commita9a676919174d900cc8f01d64fc01d293512d872
treefee788fbe6bb9cde90f9effdbd91ba3cfbd29623tree | snapshot
parente29c929707d30ed8e98a0ded41c7e8dff441a4a8commit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.