--- /dev/null
+--- a/src/network/kernel/qdnslookup_unix.cpp
++++ b/src/network/kernel/qdnslookup_unix.cpp
+@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+- const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ return;
+ }
+
+- // Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+- int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+- if (status < 0) {
++ int status;
++
++ if (ntohs(header->qdcount) == 1) {
++ // Skip the query host, type (2 bytes) and class (2 bytes).
++ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
++ if (status < 0) {
++ reply->error = QDnsLookup::InvalidReplyError;
++ reply->errorString = tr("Could not expand domain name");
++ return;
++ }
++ if ((p - response) + status + 4 >= responseLength)
++ header->qdcount = 0xffff; // invalid reply below
++ else
++ p += status + 4;
++ }
++ if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+- reply->errorString = tr("Could not expand domain name");
++ reply->errorString = tr("Invalid reply received");
+ return;
+ }
+- p += status + 4;
+
+ // Extract results.
++ const int answerCount = ntohs(header->ancount);
+ int answerIndex = 0;
+ while ((p < response + responseLength) && (answerIndex < answerCount)) {
+ status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+@@ -283,6 +295,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ const QString name = QUrl::fromAce(host);
+
+ p += status;
++
++ if ((p - response) + 10 > responseLength) {
++ // probably just a truncated reply, return what we have
++ return;
++ }
+ const quint16 type = (p[0] << 8) | p[1];
+ p += 2; // RR type
+ p += 2; // RR class
+@@ -290,6 +307,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray &requestN
+ p += 4;
+ const quint16 size = (p[0] << 8) | p[1];
+ p += 2;
++ if ((p - response) + size > responseLength)
++ return; // truncated
+
+ if (type == QDnsLookup::A) {
+ if (size != 4) {
Summary(pl.UTF-8): Biblioteka Qt5 - podstawowe komponenty
Name: qt5-%{orgname}
Version: 5.15.9
-Release: 3
+Release: 4
License: LGPL v3 or GPL v2 or GPL v3 or commercial
Group: X11/Libraries
Source0: https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
Patch2: egl-x11.patch
Patch3: CVE-2023-32763-qtbase-5.15.diff
Patch4: CVE-2023-32762-qtbase-5.15.diff
+Patch5: CVE-2023-33285-qtbase-5.15.diff
URL: https://www.qt.io/
%{?with_directfb:BuildRequires: DirectFB-devel}
BuildRequires: EGL-devel
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%{__sed} -i -e 's,usr/X11R6/,usr/,g' mkspecs/linux-g++-64/qmake.conf
projects / packages / qt5-qtbase.git / commitdiff