|
 |
b6578c0 |
From e3abee3dee32ae7cd8e937e44ace94ab7f45ede9 Mon Sep 17 00:00:00 2001
|
|
|
1d5d446 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
1d5d446 |
Date: Sun, 18 Jun 2017 16:07:57 -0400
|
|
|
b6578c0 |
Subject: [PATCH] resolved: simplify alloc size calculation
|
|
|
1d5d446 |
|
|
|
1d5d446 |
The allocation size was calculated in a complicated way, and for values
|
|
|
1d5d446 |
close to the page size we would actually allocate less than requested.
|
|
|
1d5d446 |
|
|
|
1d5d446 |
Reported by Chris Coulson <chris.coulson@canonical.com>.
|
|
|
1d5d446 |
|
|
|
1d5d446 |
CVE-2017-9445
|
|
|
1d5d446 |
---
|
|
|
1d5d446 |
src/resolve/resolved-dns-packet.c | 8 +-------
|
|
|
1d5d446 |
src/resolve/resolved-dns-packet.h | 2 --
|
|
|
1d5d446 |
2 files changed, 1 insertion(+), 9 deletions(-)
|
|
|
1d5d446 |
|
|
|
1d5d446 |
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
|
|
1d5d446 |
index 8b620cb6a8..7262a50eee 100644
|
|
|
1d5d446 |
--- a/src/resolve/resolved-dns-packet.c
|
|
|
1d5d446 |
+++ b/src/resolve/resolved-dns-packet.c
|
|
|
1d5d446 |
@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
|
|
|
1d5d446 |
|
|
|
1d5d446 |
assert(ret);
|
|
|
1d5d446 |
|
|
|
1d5d446 |
- if (mtu <= UDP_PACKET_HEADER_SIZE)
|
|
|
1d5d446 |
- a = DNS_PACKET_SIZE_START;
|
|
|
1d5d446 |
- else
|
|
|
1d5d446 |
- a = mtu - UDP_PACKET_HEADER_SIZE;
|
|
|
1d5d446 |
-
|
|
|
1d5d446 |
- if (a < DNS_PACKET_HEADER_SIZE)
|
|
|
1d5d446 |
- a = DNS_PACKET_HEADER_SIZE;
|
|
|
1d5d446 |
+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
|
|
|
1d5d446 |
|
|
|
1d5d446 |
/* round up to next page size */
|
|
|
1d5d446 |
a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
|
|
|
1d5d446 |
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
|
|
|
1d5d446 |
index 7b7d4e14c9..05a7a844e4 100644
|
|
|
1d5d446 |
--- a/src/resolve/resolved-dns-packet.h
|
|
|
1d5d446 |
+++ b/src/resolve/resolved-dns-packet.h
|
|
|
1d5d446 |
@@ -66,8 +66,6 @@ struct DnsPacketHeader {
|
|
|
1d5d446 |
/* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
|
|
|
1d5d446 |
#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
|
|
|
1d5d446 |
|
|
|
1d5d446 |
-#define DNS_PACKET_SIZE_START 512
|
|
|
1d5d446 |
-
|
|
|
1d5d446 |
struct DnsPacket {
|
|
|
1d5d446 |
int n_ref;
|
|
|
1d5d446 |
DnsProtocol protocol;
|