From db848813bae4d28c524b3b6a7dad135e426659ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 18 Jun 2017 16:07:57 -0400 Subject: [PATCH] resolved: simplify alloc size calculation The allocation size was calculated in a complicated way, and for values close to the page size we would actually allocate less than requested. Reported by Chris Coulson . CVE-2017-9445 [Upstream commit: https://github.com/systemd/systemd/commit/db848813bae4d28c524b3b6a7dad135e426659ce] Signed-off-by: Thomas Petazzoni --- src/resolve/resolved-dns-packet.c | 8 +------- src/resolve/resolved-dns-packet.h | 2 -- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 240ee448f4..821b66e266 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { assert(ret); - if (mtu <= UDP_PACKET_HEADER_SIZE) - a = DNS_PACKET_SIZE_START; - else - a = mtu - UDP_PACKET_HEADER_SIZE; - - if (a < DNS_PACKET_HEADER_SIZE) - a = DNS_PACKET_HEADER_SIZE; + a = MAX(mtu, DNS_PACKET_HEADER_SIZE); /* round up to next page size */ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 2c92392e4d..3abcaf8cf3 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -66,8 +66,6 @@ struct DnsPacketHeader { /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 -#define DNS_PACKET_SIZE_START 512 - struct DnsPacket { int n_ref; DnsProtocol protocol;