Author: tfaber Date: Wed Apr 19 11:14:18 2017 New Revision: 74373 URL: http://svn.reactos.org/svn/reactos?rev=74373&view=rev Log: [WS2_32][DNSAPI] - Avoid stack buffer overflow in ParseV4Address CORE-11474 Modified: trunk/reactos/dll/win32/dnsapi/dnsapi/query.c trunk/reactos/dll/win32/ws2_32/src/addrinfo.c Modified: trunk/reactos/dll/win32/dnsapi/dnsapi/query.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/dnsapi/dnsapi/qu… ============================================================================== --- trunk/reactos/dll/win32/dnsapi/dnsapi/query.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/dnsapi/dnsapi/query.c [iso-8859-1] Wed Apr 19 11:14:18 2017 @@ -460,6 +460,7 @@ */ if (*cp && *cp > ' ') return FALSE; + if (pp >= parts + 4) return FALSE; *pp++ = val; /* * Concoct the address according to Modified: trunk/reactos/dll/win32/ws2_32/src/addrinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ws2_32/src/addri… ============================================================================== --- trunk/reactos/dll/win32/ws2_32/src/addrinfo.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/ws2_32/src/addrinfo.c [iso-8859-1] Wed Apr 19 11:14:18 2017 @@ -148,6 +148,7 @@ */ if (*cp) return FALSE; + if (pp >= parts + 4) return FALSE; *pp++ = val; /* * Concoct the address according to