#
352027 |
|
08-Sep-2019 |
cy |
MFC r351889:
Bounds check again after advancing cp, otherwise we have a possible heap buffer overflow. This was discovered by a Google fuzzer test. This can lead to remote denial of service. User interaction and execution privileges are not a prerequisite for exploitation.
Reported by: enh at Google, to FreeBSD by maya@NetBSD.org Obtained from: enh at Google See also: NetBSD ns_name.c r1.12 Reviewed by: delphij, ume MFC after: 3 days https://android-review.googlesource.com/c/platform/bionic/+/1093130 Differential Revision: https://reviews.freebsd.org/D21523
|
#
269873 |
|
12-Aug-2014 |
ume |
Fix broken pointer overflow check ns_name_unpack()
Many compilers may optimize away the overflow check `msg + l < msg', where `msg' is a pointer and `l' is an integer, because pointer overflow is undefined behavior in C.
Use a safe precondition test `l >= eom - msg' instead.
Reference: https://android-review.googlesource.com/#/c/50570/
Requested by: pfg Obtained from: NetBSD (CVS rev. 1.10)
|