QDnsLookup/Unix: check size in parsing of SRV records

We need at least 7 bytes: three 16-bit numeric fields and the hostname, for which we need at least one byte and expandHost() takes care of checking size further. Pick-to: 6.7 6.5 Change-Id: Ic5b1273bb0204c31afd8fffd17cd3c9ba3c9fec7 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Thiago Macieira <thiago.macieira@intel.com> 2024-05-07 07:54:32 -0700
committer: Thiago Macieira <thiago.macieira@intel.com> 2024-05-08 21:13:58 -0700
commit: 55c6d6c86bf092401a4876faead603561cc54d50 (patch)
tree: 90d00df69f4ece5b33df37253eadaa273563f412 /src
parent: a6d26ef64b19bb3c04e707efe8cd08b73e12df9a (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
index c0c5f8b715..2c29eb8c0b 100644
--- a/src/network/kernel/qdnslookup_unix.cpp
+++ b/src/network/kernel/qdnslookup_unix.cpp
@@ -393,6 +393,8 @@ void QDnsLookupRunnable::query(QDnsLookupReply *reply)
                 return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid mail exchange record"));
             reply->mailExchangeRecords.append(record);
         } else if (type == QDnsLookup::SRV) {
+            if (size < 7)
+                return reply->makeInvalidReplyError(QDnsLookup::tr("Invalid service record"));
             const quint16 priority = qFromBigEndian<quint16>(response + offset);
             const quint16 weight = qFromBigEndian<quint16>(response + offset + 2);
             const quint16 port = qFromBigEndian<quint16>(response + offset + 4);
author	Thiago Macieira <thiago.macieira@intel.com>	2024-05-07 07:54:32 -0700
committer	Thiago Macieira <thiago.macieira@intel.com>	2024-05-08 21:13:58 -0700
commit	55c6d6c86bf092401a4876faead603561cc54d50 (patch)
tree	90d00df69f4ece5b33df37253eadaa273563f412 /src
parent	a6d26ef64b19bb3c04e707efe8cd08b73e12df9a (diff)