On 02/26/19 09:14, Jiaxin Wu wrote: > Fix CVE-2018-12178 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=809 > > The DNS driver only checks the received packet size against the > minimum DNS header size in DnsOnPacketReceived(), later it accesses > the QueryName and QuerySection beyond the header scope, which might > cause the pointer within DNS driver points to an invalid entry or > modifies the memory content beyond the header scope. > > This patch is to fix above problem. > > Cc: Ye Ting <ting...@intel.com> > Cc: Fu Siyuan <siyuan...@intel.com> > Cc: Wang Fan <fan.w...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Wu Jiaxin <jiaxin...@intel.com> > --- > NetworkPkg/DnsDxe/DnsImpl.c | 77 ++++++++++++++++++++++++++++++++----- > NetworkPkg/DnsDxe/DnsImpl.h | 2 + > 2 files changed, 69 insertions(+), 10 deletions(-)
Please put the precise CVE number in the subject line. Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
