Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
c-ares:fix CVE-2022-4904 buffer overflow in config_sortlist() due to …
…missing string length check Source: c-ares/c-ares@9903253 MR: 125266 Type: Security Fix Disposition: Backport from c-ares/c-ares@9903253 ChangeID: 33b40926ed3ed7620434f30ff30874e241a3257c Description: Add str len check in config_sortlist to avoid stack overflow (openembedded#497) In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, ares_set_sortlist has not any checks about the validity of the input str. It is very easy to create an arbitrary length stack overflow with the unchecked `memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` statements in the config_sortlist call, which could potentially cause severe security impact in practical programs. This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the potential stack overflows. fixes openembedded#496 Fix By: @hopper-vul Upstream-Status: Backport [c-ares/c-ares@9903253] CVE: CVE-2022-4904 Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
- Loading branch information