blob: 31bc2b573d7d2460044874ade73ad554f695f2f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 25 Oct 2017 11:19:19 +0200
Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
CVE: CVE-2017-15908
Upstream-Status: Backport [https://launchpadlibrarian.net/342808615/resolved-fix-loop-on-packets-with-pseudo-dns-types.patch]
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
---
src/resolve/resolved-dns-packet.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index e2f227bfc6..35f4d0689b 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
found = true;
- while (bitmask) {
+ for (; bitmask; bit++, bitmask >>= 1)
if (bitmap[i] & bitmask) {
uint16_t n;
@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
if (r < 0)
return r;
}
-
- bit++;
- bitmask >>= 1;
- }
}
if (!found)
|
