git.proxmox.com Git - mirror

author	Jiaxin Wu <Jiaxin.wu@intel.com>
	Mon, 2 Jul 2018 01:20:56 +0000 (09:20 +0800)
committer	Jiaxin Wu <Jiaxin.wu@intel.com>
	Thu, 28 Feb 2019 00:39:16 +0000 (08:39 +0800)
commit	84110bbe4bb3a346514b9bb12eadb7586bca7dfd
tree	7101546393771f08a14293f6e72c2df0505488d8	tree
parent	38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f	commit \| diff

NetworkPkg/DnsDxe: [CVE-2018-12178] Check the received packet size before parsing the message.

Fix CVE-2018-12178
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=809

The DNS driver only checks the received packet size against the
minimum DNS header size in DnsOnPacketReceived(), later it accesses
the QueryName and QuerySection beyond the header scope, which might
cause the pointer within DNS driver points to an invalid entry or
modifies the memory content beyond the header scope.

This patch is to fix above problem.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wang Fan <fan.wang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

NetworkPkg/DnsDxe/DnsImpl.c		diff \| blob \| blame \| history
NetworkPkg/DnsDxe/DnsImpl.h		diff \| blob \| blame \| history