7b039e89b3
CVE-2022-3080 CVE-2022-2881 CVE-2022-2906 Signed-off-by: huangyu <huangyu106@huawei.com> (cherry picked from commit 6e6a5d5b26542aa0161f59446570b4ea26ab7d03)
46 lines
1.4 KiB
Diff
46 lines
1.4 KiB
Diff
From 13333db69f9b9710a98c86f44276e01e95420fa0 Mon Sep 17 00:00:00 2001
|
|
From: Evan Hunt <each@isc.org>
|
|
Date: Tue, 16 Aug 2022 16:26:02 -0700
|
|
Subject: [PATCH] compression buffer was not reused correctly
|
|
|
|
when the compression buffer was reused for multiple statistics
|
|
requests, responses could grow beyond the correct size. this was
|
|
because the buffer was not cleared before reuse; compressed data
|
|
was still written to the beginning of the buffer, but then the size
|
|
of used region was increased by the amount written, rather than set
|
|
to the amount written. this caused responses to grow larger and
|
|
larger, potentially reading past the end of the allocated buffer.
|
|
|
|
Conflict: NA
|
|
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0
|
|
|
|
(cherry picked from commit 47e9fa981e56a7a232f3219fe8a40525c79d748b)
|
|
---
|
|
lib/isc/httpd.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c
|
|
index 776455a..e55330b 100644
|
|
--- a/lib/isc/httpd.c
|
|
+++ b/lib/isc/httpd.c
|
|
@@ -246,6 +246,8 @@ free_buffer(isc_mem_t *mctx, isc_buffer_t *buffer) {
|
|
if (r.length > 0) {
|
|
isc_mem_put(mctx, r.base, r.length);
|
|
}
|
|
+
|
|
+ isc_buffer_initnull(buffer);
|
|
}
|
|
|
|
static void
|
|
@@ -910,6 +912,7 @@ isc_httpd_compress(isc_httpd_t *httpd) {
|
|
if (result != ISC_R_SUCCESS) {
|
|
return (result);
|
|
}
|
|
+ isc_buffer_clear(&httpd->compbuffer);
|
|
isc_buffer_region(&httpd->compbuffer, &r);
|
|
|
|
/*
|
|
--
|
|
2.23.0
|
|
|