git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Wed, 26 Feb 2014 15:54:16 +0000 (15:54 +0000)
committer	Michael Brown <mcb30@ipxe.org>
	Wed, 26 Feb 2014 16:04:34 +0000 (16:04 +0000)
commit	ff341c1861729b1521bb64c0290febe2064ae205
tree	60ab5756afa8cbb39d3624c962de6e9a811609b4	tree \| snapshot
parent	d4c0226a6ce888218f258df409bb6a955e727d81	commit \| diff

[dns] Update end-of-name pointer after processing CNAME record

Commit d4c0226 ("[dns] Support DNS search lists") introduced a
regression when handling CNAME records resolving to names longer than
the original name.  The "end of name" offset stored in dns->offset was
not updated to reflect the length of the new name, causing
dns_question() to append the (empty) search suffix at an incorrect
offset within the name buffer, resulting in a mangled DNS name.

In the case of a CNAME record resolving to a name shorter than or
equal in length to the original name, then the mangling would occur in
an unused portion of the name buffer.  In the common case of a name
server returning the A (or AAAA) record along with the CNAME record,
this would cause name resolution to succeed despite the mangling.  (If
the name server did not return the A or AAAA record along with the
CNAME record, then the mangling would be revealed by the subsequent
invalid query packet.)

Reported-by: Nicolas Sylvain <nsylvain@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>