equal
deleted
inserted
replaced
|
1 Fix for CVE-2016-10195 |
|
2 |
|
3 More details at: |
|
4 |
|
5 https://github.com/libevent/libevent/issues/317 |
|
6 |
|
7 Based on commit at: |
|
8 |
|
9 https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d |
|
10 |
|
11 --- libevent-2.0.22/evdns.c.orig 2017-02-02 07:18:16.307620386 +0000 |
|
12 +++ libevent-2.0.22/evdns.c 2017-02-02 07:23:36.432656559 +0000 |
|
13 @@ -960,7 +960,6 @@ |
|
14 |
|
15 for (;;) { |
|
16 u8 label_len; |
|
17 - if (j >= length) return -1; |
|
18 GET8(label_len); |
|
19 if (!label_len) break; |
|
20 if (label_len & 0xc0) { |
|
21 @@ -980,7 +979,7 @@ |
|
22 if (cp + 1 >= end) return -1; |
|
23 *cp++ = '.'; |
|
24 } |
|
25 - if (cp + label_len >= end) return -1; |
|
26 + if (j + label_len > length) return -1; |
|
27 memcpy(cp, packet + j, label_len); |
|
28 cp += label_len; |
|
29 j += label_len; |