1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QDnsLookup/Unix: check size in parsing of SRV records

Browse Source 
We need at least 7 bytes: three 16-bit numeric fields and the hostname,
for which we need at least one byte and expandHost() takes care of
checking size further.

Pick-to: 6.5
Change-Id: Ic5b1273bb0204c31afd8fffd17cd3c9ba3c9fec7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 55c6d6c86bf092401a4876faead603561cc54d50)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Thiago Macieira 2024-05-07 07:54:32 -07:00 committed by Qt Cherry-pick Bot
parent d43c9b0246
commit 7910e5a36e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/network/kernel/qdnslookup_unix.cpp
View File

@ -356,6 +356,8 @@ void QDnsLookupRunnable::query(QDnsLookupReply *reply)
return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid mail exchange record"));
reply->mailExchangeRecords.append(record);
} else if (type == QDnsLookup::SRV) {
if (size < 7)
return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid service record"));
const quint16 priority = qFromBigEndian<quint16>(response + offset);
const quint16 weight = qFromBigEndian<quint16>(response + offset + 2);
const quint16 port = qFromBigEndian<quint16>(response + offset + 4);