Security #7464
Closed
doh2: buffer is not really limited to 65K as should be for DNS
Description
Found by oss-fuzz:
https://issues.oss-fuzz.com/u/1/issues/383880388
No need to backport as DOH2 is only in master
Updated by Philippe Antoine about 1 year ago
Updated by Jason Ish about 1 year ago
Can we change the title? The current one seems ambiguous, perhaps:
doh2: enforce maximum buffer size of 65k
Updated by Philippe Antoine about 1 year ago
Please do.
What was ambiguous?
For information, there was a check for this 65K limit, but an incomplete one.
Updated by Jason Ish about 1 year ago
"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is to enforce a 65k limit? Or something else.
Updated by Philippe Antoine about 1 year ago
Jason Ish wrote in #note-5:
"not really limited".. Could be... Should be limited to 65k. Or should not be limited to 65k for whatever reason. So I'm not clear if the fix is to enforce a 65k limit? Or something else.
The fix is indeed to really enforce the limit to 65K because the current enforcing does not work in all cases.
Updated by Philippe Antoine about 1 year ago
- Status changed from In Review to Closed