Security #7464
Closed
doh2: buffer is not really limited to 65K as should be for DNS
Description
Found by oss-fuzz:
https://issues.oss-fuzz.com/u/1/issues/383880388
No need to backport as DOH2 is only in master
Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
Gitlab MR
Updated by Philippe Antoine over 1 year ago
Updated by Jason Ish over 1 year ago
Can we change the title? The current one seems ambiguous, perhaps:
doh2: enforce maximum buffer size of 65k
Updated by Philippe Antoine over 1 year ago
Please do.
What was ambiguous?
For information, there was a check for this 65K limit, but an incomplete one.
Updated by Jason Ish over 1 year ago
"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is to enforce a 65k limit? Or something else.
Updated by Philippe Antoine over 1 year ago
Jason Ish wrote in #note-5:
"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is to enforce a 65k limit? Or something else.
The fix is indeed to really enforce the limit to 65K because the current enforcing does not work in all cases.
Updated by Philippe Antoine over 1 year ago
- Status changed from In Review to Closed