If a server sends an incorrect length in its response, a client is prone to perform an out of boundary read while processing the data.

The length field of xHostEntry is used to specify the amount of bytes used to represent the address. It is 16 bit, which means that it is not possible to perform an arbitrary memory access, but it might be enough to read sensitive information, e.g. malloc-related pointers and offsets.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
d81da209
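
The kind of check the commit message calls for, as an added example that is not the code from this commit or from the project: every 16-bit length a server supplies is compared against the bytes actually received before the address is touched. The entry layout (4-byte header, address padded to a multiple of 4), the function names and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: family (1 byte), pad (1 byte), length (2 bytes), then
 * `length` address bytes padded to a multiple of 4. */
#define HDR_SIZE 4u

/* Walk nhosts entries in reply[0..reply_len). Returns nhosts if every header
 * and padded address lies inside the received data, -1 otherwise. */
int validate_host_entries(const uint8_t *reply, size_t reply_len, unsigned nhosts)
{
    size_t off = 0;                     /* invariant: off <= reply_len */
    for (unsigned i = 0; i < nhosts; i++) {
        uint16_t len;
        if (reply_len - off < HDR_SIZE)             /* header must fit */
            return -1;
        memcpy(&len, reply + off + 2, sizeof len);  /* host byte order */
        off += HDR_SIZE;
        size_t padded = ((size_t)len + 3u) & ~(size_t)3u;
        if (padded > reply_len - off)               /* address must fit too */
            return -1;
        off += padded;
    }
    return (int)nhosts;
}

/* Constructed sample data: write one entry that claims `claimed` address
 * bytes but carries `actual` zero bytes. Returns the new end offset. */
static size_t put_entry(uint8_t *buf, size_t off, uint16_t claimed, size_t actual)
{
    buf[off] = 0;                                    /* family */
    buf[off + 1] = 0;                                /* pad */
    memcpy(buf + off + 2, &claimed, sizeof claimed); /* server-supplied length */
    memset(buf + off + HDR_SIZE, 0, actual);
    return off + HDR_SIZE + actual;
}

/* Constructed reply: a 4-byte entry, then a second entry that carries
 * 16 address bytes while claiming `second_claimed`. */
int demo_reply(uint16_t second_claimed, unsigned nhosts)
{
    uint8_t buf[64];
    size_t n = put_entry(buf, 0, 4, 4);
    n = put_entry(buf, n, second_claimed, 16);
    return validate_host_entries(buf, n, nhosts);
}
```

The comparison is written as `padded > reply_len - off` rather than `off + padded > reply_len` so that it cannot wrap, and the header check runs first so that a host count larger than the data received is rejected as well.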