| From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
| Date: Sun, 18 Jun 2017 16:07:57 -0400 |
| Subject: [PATCH] resolved: simplify alloc size calculation |
| |
| The allocation size was calculated in a complicated way, and for values |
| close to the page size we would actually allocate less than requested. |
| |
| Reported by Chris Coulson <chris.coulson@canonical.com>. |
| |
| CVE-2017-9445 |
| |
| [Upstream commit: https://github.com/systemd/systemd/commit/db848813bae4d28c524b3b6a7dad135e426659ce] |
| Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> |
| --- |
| src/resolve/resolved-dns-packet.c | 8 +------- |
| src/resolve/resolved-dns-packet.h | 2 -- |
| 2 files changed, 1 insertion(+), 9 deletions(-) |
| |
| diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c |
| index 240ee448f4..821b66e266 100644 |
| --- a/src/resolve/resolved-dns-packet.c |
| +++ b/src/resolve/resolved-dns-packet.c |
| @@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { |
| |
| assert(ret); |
| |
| - if (mtu <= UDP_PACKET_HEADER_SIZE) |
| - a = DNS_PACKET_SIZE_START; |
| - else |
| - a = mtu - UDP_PACKET_HEADER_SIZE; |
| - |
| - if (a < DNS_PACKET_HEADER_SIZE) |
| - a = DNS_PACKET_HEADER_SIZE; |
| + a = MAX(mtu, DNS_PACKET_HEADER_SIZE); |
| |
| /* round up to next page size */ |
| a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); |
| diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h |
| index 2c92392e4d..3abcaf8cf3 100644 |
| --- a/src/resolve/resolved-dns-packet.h |
| +++ b/src/resolve/resolved-dns-packet.h |
| @@ -66,8 +66,6 @@ struct DnsPacketHeader { |
| /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ |
| #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 |
| |
| -#define DNS_PACKET_SIZE_START 512 |
| - |
| struct DnsPacket { |
| int n_ref; |
| DnsProtocol protocol; |