summaryrefslogtreecommitdiffstats
path: root/debian/patches/sd-dhcp6-make-dhcp6_option_parse_domainname-not-store-emp.patch
blob: 3f24eeba7a6c8d944e32b0dfc0594484db3c727c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 19 Oct 2018 03:42:10 +0900
Subject: sd-dhcp6: make dhcp6_option_parse_domainname() not store empty
 domain

This improves performance of fuzzer.
C.f. oss-fuzz#11019.

(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa)
(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe)
(cherry picked from commit f11f5abb1a8b96b553d2d156f8b5cf440695c04d)
(cherry picked from commit c836279fca80fb22ca7ef02acaa5b987fee61123)
(cherry picked from commit 4ca0e57c46cf6861ec6f6b6c8e0d430edb3fa5b1)
(cherry picked from commit 32e71d5bc09494736866fd78606994f8bf93b31d)
(cherry picked from commit 331e81621e2ce822fa1c7658393c2daf7b910db8)
---
 src/systemd/src/libsystemd-network/dhcp6-option.c | 66 ++++++++++-------------
 1 file changed, 29 insertions(+), 37 deletions(-)

diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index d8812c3..d496244 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -353,6 +353,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
                 bool first = true;
 
                 for (;;) {
+                        const char *label;
                         uint8_t c;
 
                         c = optval[pos++];
@@ -360,47 +361,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
                         if (c == 0)
                                 /* End of name */
                                 break;
-                        else if (c <= 63) {
-                                const char *label;
-
-                                /* Literal label */
-                                label = (const char *)&optval[pos];
-                                pos += c;
-                                if (pos >= optlen)
-                                        return -EMSGSIZE;
-
-                                if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
-                                        r = -ENOMEM;
-                                        goto fail;
-                                }
-
-                                if (first)
-                                        first = false;
-                                else
-                                        ret[n++] = '.';
-
-                                r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
-                                if (r < 0)
-                                        goto fail;
-
-                                n += r;
-                                continue;
-                        } else {
-                                r = -EBADMSG;
-                                goto fail;
-                        }
-                }
+                        if (c > 63)
+                                return -EBADMSG;
+
+                        /* Literal label */
+                        label = (const char *)&optval[pos];
+                        pos += c;
+                        if (pos >= optlen)
+                                return -EMSGSIZE;
+
+                        if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
+                                return -ENOMEM;
+
+                        if (first)
+                                first = false;
+                        else
+                                ret[n++] = '.';
 
-                if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
-                        r = -ENOMEM;
-                        goto fail;
+                        r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
+                        if (r < 0)
+                                return r;
+
+                        n += r;
                 }
 
+                if (n == 0)
+                        continue;
+
+                if (!GREEDY_REALLOC(ret, allocated, n + 1))
+                        return -ENOMEM;
+
                 ret[n] = 0;
 
                 r = strv_extend(&names, ret);
                 if (r < 0)
-                        goto fail;
+                        return r;
 
                 idx++;
         }
@@ -409,7 +404,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
         names = NULL;
 
         return idx;
-
-fail:
-        return r;
 }