chiark / gitweb /
~ianmdlvl / adns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 278f8ee) | patch
SECURITY: adnshost: Fix missing-final-newline handling on stdin read
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Tue, 6 Dec 2016 12:51:44 +0000 (12:51 +0000)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Tue, 26 May 2020 19:11:54 +0000 (20:11 +0100)
commit72c6bfd77dfdb34457a792874fd1c3030fca90ac
tree2eade9ad735bc195268acf5ca7f4a187919dc9abtree | snapshot
parent278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90commit | diff
SECURITY: adnshost: Fix missing-final-newline handling on stdin read

It is wrong to increment used as well as setting r, since used is
incremented according to r, later.  Rather we should be doing what
read() would have done.

Without this fix, adnshost may read and process one byte beyond the
buffer, perhaps crashing or perhaps somehow leaking the value of that
byte.

Found by AFL 2.35b.  CVE-2017-9108.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
client/adh-main.c diff | blob | history
adns master upstream repository