From fc82b0a2dfe7dbd35671c10510a8da1043d746a5 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Sat, 31 Dec 2016 20:22:09 +0100
Subject: CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ #18784]

Also rename T_UNSPEC because an upcoming public header file
update will use that name.
---
 resolv/res_mkquery.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'resolv/res_mkquery.c')

diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
index 12f9730199..d80b5318e5 100644
--- a/resolv/res_mkquery.c
+++ b/resolv/res_mkquery.c
@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
 	int n;
 	u_char *dnptrs[20], **dpp, **lastdnptr;
 
+	if (class < 0 || class > 65535
+	    || type < 0 || type > 65535)
+	  return -1;
+
 #ifdef DEBUG
 	if (statp->options & RES_DEBUG)
 		printf(";; res_nmkquery(%s, %s, %s, %s)\n",
-- 
cgit v1.2.3