Zero packet buffers before building output, to reduce risk of information leakage.

2025-12-19 18:28:25 +00:00 · 2016-07-22 20:56:01 +01:00
parent cd2ddb9904
commit fa78573778
8 changed files with 30 additions and 6 deletions
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1209,6 +1209,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
  int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
  struct mx_srv_record *rec;
  size_t len;
+
+  /* Clear buffer beyond request to avoid risk of
+     information disclosure. */
+  memset(((char *)header) + qlen, 0, 
+	 (limit - ((char *)header)) - qlen);
  
  if (ntohs(header->ancount) != 0 ||
      ntohs(header->nscount) != 0 ||