
HasTCFlag lacks bounds check (dnsutils.go) #3208

Description

@hklcf

Bug Description

The HasTCFlag function in dnsutils.go accesses packet[2] without checking if the slice is at least 3 bytes long, which can cause a panic.

Affected Code

dnsutils.go:114-116:

func HasTCFlag(packet []byte) bool {
    return packet[2]&2 == 2  // out of bounds if len(packet) < 3
}

Impact

All current callers guard against short packets before calling this function, but if a new caller is added in the future without such a guard, this would cause a panic and crash the proxy.

Fix

Add a bounds check:

func HasTCFlag(packet []byte) bool {
    if len(packet) < 3 {
        return false
    }
    return packet[2]&2 == 2
}
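Added example, not part of the original issue or the project's code: a stand-alone check that runs the function as quoted above and the proposed fix over short inputs, using `recover` to observe the out-of-range panic. The names `hasTCFlagUnchecked`, `hasTCFlagChecked`, `panics` and `samples` are hypothetical, and the packets are constructed sample bytes.

```go
package main

import "fmt"

// hasTCFlagUnchecked mirrors the function as quoted in the issue.
func hasTCFlagUnchecked(packet []byte) bool {
	return packet[2]&2 == 2
}

// hasTCFlagChecked mirrors the fix proposed in the issue.
func hasTCFlagChecked(packet []byte) bool {
	if len(packet) < 3 {
		return false
	}
	return packet[2]&2 == 2
}

// panics reports whether f panics when called with packet.
func panics(f func([]byte) bool, packet []byte) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	f(packet)
	return false
}

// Constructed inputs: truncated headers of 0 to 2 bytes, then 3-byte
// prefixes with the TC bit (0x02 of the third byte) set and clear.
var samples = [][]byte{
	nil,
	{},
	{0x12},
	{0x12, 0x34},
	{0x12, 0x34, 0x82}, // QR and TC set
	{0x12, 0x34, 0x81}, // QR and RD set, TC clear
}

func main() {
	for _, p := range samples {
		fmt.Printf("len=%d unchecked_panics=%v checked=%v\n",
			len(p), panics(hasTCFlagUnchecked, p), hasTCFlagChecked(p))
	}
}
```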
