V4.1.1
github-actions released this 13 Jun 08:42 · 0 commits to 4824bdfbeb3c6674a83ddbcb32834bffc706abab since this release
Changes between FreeRTOS-plus-TCP V4.1.1 and V4.1.0 released June 13, 2024:
It was possible for a carefully crafted DNS response with a domain name length value greater than the actual domain name length to cause a buffer over-read within the DNS Response Parser. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled.
This issue has been fixed by modifying the code to ensure that the DNS Response Parser never attempts to read beyond the DNS response buffer boundary.
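The class of check described above, shown as an added example that is not FreeRTOS-Plus-TCP's own code: every length byte in an encoded name is compared against the bytes remaining in the response buffer before the label is read. The function name `dns_read_name` and both byte arrays are hypothetical and constructed for illustration; compression pointers are rejected rather than followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: "www.example" encoded correctly, and the same bytes
 * with the second length byte inflated from 7 to 40. */
static const uint8_t good_name[] = { 3,'w','w','w', 7,'e','x','a','m','p','l','e', 0 };
static const uint8_t bad_name[]  = { 3,'w','w','w', 40,'e','x','a','m','p','l','e', 0 };

/* Hypothetical helper (not FreeRTOS-Plus-TCP code). Copies the uncompressed
 * name at buf[off] into out as dotted text. Returns the number of bytes the
 * encoded name occupies, or 0 if it is malformed or would pass buf_len. */
size_t dns_read_name(const uint8_t *buf, size_t buf_len, size_t off,
                     char *out, size_t out_len)
{
    size_t pos = off, written = 0;

    if (buf == NULL || out == NULL || out_len == 0)
        return 0;
    while (pos < buf_len) {
        uint8_t len = buf[pos++];
        if (len == 0) {                 /* root label ends the name */
            out[written] = '\0';
            return pos - off;
        }
        if (len & 0xC0u)                /* compression pointer or reserved type: not handled here */
            return 0;
        if (len > buf_len - pos)        /* claimed length exceeds bytes left: reject before reading */
            return 0;
        if (written + (written ? 1u : 0u) + len + 1u > out_len)
            return 0;                   /* output too small for dot + label + NUL */
        if (written)
            out[written++] = '.';
        memcpy(out + written, buf + pos, len);
        written += len;
        pos += len;
    }
    return 0;                           /* buffer ended before the terminating zero */
}

int main(void)
{
    char out[32];
    printf("good: %zu\n", dns_read_name(good_name, sizeof good_name, 0, out, sizeof out));
    printf("bad:  %zu\n", dns_read_name(bad_name, sizeof bad_name, 0, out, sizeof out));
    return 0;
}
```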
We would like to thank Paschal Amusuo, James C. Davis, and Aravind Machiry of Purdue University for reporting this issue.