projects / qtbase-opensource-src.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dcacce7) | patch
QDnsLookup/Unix: make sure we don't overflow the buffer
authorDebian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Tue, 24 Oct 2023 11:07:10 +0000 (14:07 +0300)
committerDmitry Shachnev <mitya57@debian.org>
Tue, 24 Oct 2023 11:07:10 +0000 (14:07 +0300)
commitc851bdd3ab8cb85ce71defa7faeebb4367fbe31a
tree6a52eba1c78e705e334939512519ddbd18031ee8tree | snapshot
parentdcacce733df59df32532c948d55abbd69f3354facommit | diff
QDnsLookup/Unix: make sure we don't overflow the buffer

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
Last-Update: 2023-05-25

The DNS Records are variable length and encode their size in 16 bits
before the Record Data (RDATA). Ensure that both the RDATA and the
Record header fields before it fall inside the buffer we have.

Additionally reject any replies containing more than one query records.

Gbp-Pq: Name CVE-2023-33285.diff
src/network/kernel/qdnslookup_unix.cpp diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.