From 9f80f32bb352292f39a4e59f363cc1bcd4a6b384 Mon Sep 17 00:00:00 2001 From: Jukka Rissanen Date: Tue, 26 Nov 2024 17:48:43 +0200 Subject: [PATCH] net: dns: Check DNS answer properly The dns_unpack_answer() did not check the length of the message properly which can cause out of bounds read. Signed-off-by: Jukka Rissanen --- subsys/net/lib/dns/dns_pack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subsys/net/lib/dns/dns_pack.c b/subsys/net/lib/dns/dns_pack.c index 846078077d11..90056bc99709 100644 --- a/subsys/net/lib/dns/dns_pack.c +++ b/subsys/net/lib/dns/dns_pack.c @@ -134,7 +134,7 @@ int dns_unpack_answer(struct dns_msg_t *dns_msg, int dname_ptr, uint32_t *ttl, * * See RFC-1035 4.1.3. Resource record format */ - rem_size = dns_msg->msg_size - dname_len; + rem_size = dns_msg->msg_size - dns_msg->answer_offset - dname_len; if (rem_size < 2 + 2 + 4 + 2) { return -EINVAL; }