Remote DoS on maliciously crafted answer#293
Open
xypiie wants to merge 2 commits intoNLnetLabs:developfrom
Open
Remote DoS on maliciously crafted answer#293xypiie wants to merge 2 commits intoNLnetLabs:developfrom
xypiie wants to merge 2 commits intoNLnetLabs:developfrom
Conversation
added 2 commits
January 13, 2026 14:24
ldns_str2rdf_dname() is calling ldns_rdf_new_frm_data() but was not checking the return value for valid allocated memory. This could cause NULL pointer derefs in following code. Correcting this and returning LDNS_STATUS_MEM_ERR on failed mallocs. Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
to prevent remote DoS by malicious DNS repsonses, don't bail out with assert(), but copy as much as possible. This will probably lead to incomplete response, but the error handling of ldns will take over and the process will not just be killed. Issue found by Maciej Musial, Robert Rozanski and Monika Walendzik. Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
Member
|
Thanks. 7d98a7c looks fine and I'd like to accept that one right away. |
wtoorop
added a commit
that referenced
this pull request
Jan 14, 2026
With remaining current function prototypes and behaviour, though improving ldns_buffer_write for production builds.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
buffer: don't bail out when request is bigger than buffer
to prevent remote DoS by malicious DNS repsonses, don't bail out
with assert(), but copy as much as possible.
This will probably lead to incomplete response, but the error
handling of ldns will take over and the process will not just be
killed.
Issue found by Maciej Musial, Robert Rozanski and Monika Walendzik.
ldns_str2rdf_dname: check for successful mallocs
ldns_str2rdf_dname() is calling ldns_rdf_new_frm_data() but was not
checking the return value for valid allocated memory.
This could cause NULL pointer derefs in following code.
Correcting this and returning LDNS_STATUS_MEM_ERR on failed mallocs.