diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-11-09 15:37:04 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-11-09 15:37:04 +0000 |
commit | 60055f8dfde7251330d345c64f0963a2e11cd9d3 (patch) | |
tree | f2e712e59a5123f54b0871dd1808883dc3c298ae | |
parent | a3e4d6a56eb733bc22cf97b885fb460c4b598018 (diff) | |
download | ruby-60055f8dfde7251330d345c64f0963a2e11cd9d3.tar.gz |
* lib/resolv.rb (Resolv::DNS::Message::MessageEncoder#put_labels):
Prevent overflow of pointer to labels.
Patch by Hannes Georg. [ruby-core:71248] [Bug #11632]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52508 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | lib/resolv.rb | 4 | ||||
-rw-r--r-- | test/resolv/test_dns.rb | 17 |
3 files changed, 26 insertions, 1 deletions
@@ -1,3 +1,9 @@ +Tue Nov 10 00:36:46 2015 Tanaka Akira <akr@fsij.org> + + * lib/resolv.rb (Resolv::DNS::Message::MessageEncoder#put_labels): + Prevent overflow of pointer to labels. + Patch by Hannes Georg. [ruby-core:71248] [Bug #11632] + Tue Nov 10 00:25:41 2015 Kazuki Tsujimoto <kazuki@callcc.net> * gems/bundled_gems: update to power_assert 0.2.6. diff --git a/lib/resolv.rb b/lib/resolv.rb index a5eb9fe55f..17c832037f 100644 --- a/lib/resolv.rb +++ b/lib/resolv.rb @@ -1477,7 +1477,9 @@ class Resolv self.put_pack("n", 0xc000 | idx) return else - @names[domain] = @data.length + if @data.length < 0x4000 + @names[domain] = @data.length + end self.put_label(d[i]) end } diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb index e7857248ce..9f993ba96a 100644 --- a/test/resolv/test_dns.rb +++ b/test/resolv/test_dns.rb @@ -197,4 +197,21 @@ class TestResolvDNS < Test::Unit::TestCase expected = (['0'] * 32 + ['ip6', 'arpa']).map {|label| Resolv::DNS::Label::Str.new(label) } assert_equal(expected, labels) end + + def test_too_big_label_address + n = 2000 + m = Resolv::DNS::Message::MessageEncoder.new {|msg| + 2.times { + n.times {|i| msg.put_labels(["foo#{i}"]) } + } + } + Resolv::DNS::Message::MessageDecoder.new(m.to_s) {|msg| + 2.times { + n.times {|i| + assert_equal(["foo#{i}"], msg.get_labels.map {|label| label.to_s }) + } + } + } + assert_operator(2**14, :<, m.to_s.length) + end end |