Project

General

Profile

Actions

Security #7464

closed

doh2: buffer is not really limited to 65K as should be for DNS

Added by Philippe Antoine 8 months ago. Updated 12 days ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
MODERATE
Disclosure Date:
03/17/2025

Description

Found by oss-fuzz:
https://issues.oss-fuzz.com/u/1/issues/383880388

No need to backport as DOH2 is only in master

Actions #1

Updated by Philippe Antoine 8 months ago

  • Status changed from New to In Review

Gitlab MR

Actions #3

Updated by Jason Ish 8 months ago

Can we change the title? The current one seems ambiguous, perhaps:

doh2: enforce maximum buffer size of 65k

Actions #4

Updated by Philippe Antoine 8 months ago

Please do.

What was ambiguous ?

For information, there was a check for this 65K limit, but an incomplete one

Actions #5

Updated by Jason Ish 8 months ago

"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is enforce a 65k limit? Or something else.

Actions #6

Updated by Philippe Antoine 8 months ago

Jason Ish wrote in #note-5:

"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is enforce a 65k limit? Or something else.

The fix is indeed to really enforce the limit to 65K because the current enforcing does not work in all cases

Actions #7

Updated by Philippe Antoine 8 months ago

  • Status changed from In Review to Closed
Actions #8

Updated by Jason Ish 12 days ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF