mirror of https://github.com/OISF/suricata
Fix out-of-bounds memory access in DNS TXT record parser.
The datalen variable is declared unsigned. If txtlen and datalen are equal, datalen will first be reduced to 0, and then the datalen-- line will cause its value to wrap to 65535. This will cause the loop to continue much longer than intended, and eventually may crash on an out-of-bounds *tdata dereference. Signed-off-by: Aaron Campbell <aaron@monkey.org>pull/1762/head
parent
4dfbc0effa
commit
50f4fb2a72
Loading…
Reference in New Issue