From c4331be97aaf8c95718456dec0a8293071cc35de Mon Sep 17 00:00:00 2001
From: emanuele-f
Date: Thu, 15 Aug 2024 13:58:47 +0200
Subject: [PATCH] Prevent possible OOB read in DNS reply parsing
---
 app/src/main/jni/core/pcapdroid.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/app/src/main/jni/core/pcapdroid.c b/app/src/main/jni/core/pcapdroid.c
index 02e7fcc9..3418c4f7 100644
--- a/app/src/main/jni/core/pcapdroid.c
+++ b/app/src/main/jni/core/pcapdroid.c
@@ -657,6 +657,9 @@ static void process_dns_reply(pd_conn_t *data, pcapdroid_t *pd, const struct zdt
 uint16_t addr_len = ntohs((*(uint16_t*)(reply + 8))); reply += 10; len -= 10;
+ if (len < addr_len)
+ return;
+
 if((rec_type == 0x1) && (addr_len == 4)) { // A record
 ipver = 4; rsp_addr.ip4 = *((u_int32_t*)reply);
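Review bot: The added `len < addr_len` guard covers only the RDATA read; the 16-bit load at `reply + 8` and the `len -= 10` in the context just above it run first, and the hunk shows no check that at least 10 bytes of record header remain. process_dns_reply starts and ends outside the hunk, so such a check may already exist earlier; if it does not, a truncated record header is still read past the payload, and if `len` is an unsigned type the subtraction would wrap and let the new guard pass. I would confirm that, or add `if (len < 10) return;` before the header fields are read. A one-line comment on the new check, for example `// RDATA length exceeds the remaining payload: truncated or malformed reply`, would also record why parsing stops here.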