diff options
author | Thiago Macieira <thiago.macieira@intel.com> | 2024-05-07 07:54:32 -0700 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2024-05-08 21:13:58 -0700 |
commit | 55c6d6c86bf092401a4876faead603561cc54d50 (patch) | |
tree | 90d00df69f4ece5b33df37253eadaa273563f412 /src | |
parent | a6d26ef64b19bb3c04e707efe8cd08b73e12df9a (diff) |
QDnsLookup/Unix: check size in parsing of SRV records
We need at least 7 bytes: three 16-bit numeric fields and the hostname,
for which we need at least one byte and expandHost() takes care of
checking size further.
Pick-to: 6.7 6.5
Change-Id: Ic5b1273bb0204c31afd8fffd17cd3c9ba3c9fec7
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/kernel/qdnslookup_unix.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp index c0c5f8b715..2c29eb8c0b 100644 --- a/src/network/kernel/qdnslookup_unix.cpp +++ b/src/network/kernel/qdnslookup_unix.cpp @@ -393,6 +393,8 @@ void QDnsLookupRunnable::query(QDnsLookupReply *reply) return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid mail exchange record")); reply->mailExchangeRecords.append(record); } else if (type == QDnsLookup::SRV) { + if (size < 7) + return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid service record")); const quint16 priority = qFromBigEndian<quint16>(response + offset); const quint16 weight = qFromBigEndian<quint16>(response + offset + 2); const quint16 port = qFromBigEndian<quint16>(response + offset + 4); |