Avoid UB when packing a domain name (#1613)

rfc1035NamePack() called rfc1035LabelPack() with a nil label buffer.
Feeding memcpy() a nil buffer is undefined behavior, even if size is 0.

diff --git a/src/dns/rfc1035.cc b/src/dns/rfc1035.cc
index 1d022b7aae4701c0b48e9714c6cdfbc71b2d8bda..1b0be10abaa5b25f4049a1dc0b5db49372f89509 100644 (file)
--- a/src/dns/rfc1035.cc
+++ b/src/dns/rfc1035.cc
@@ -100,10 +100,11 @@ rfc1035HeaderPack(char *buf, size_t sz, rfc1035_message * hdr)
 static int
 rfc1035LabelPack(char *buf, size_t sz, const char *label)
 {
+    assert(label);
+    assert(!strchr(label, '.'));
+
     int off = 0;
-    size_t len = label ? strlen(label) : 0;
-    if (label)
-        assert(!strchr(label, '.'));
+    auto len = strlen(label);
     if (len > RFC1035_MAXLABELSZ)
         len = RFC1035_MAXLABELSZ;
     assert(sz >= len + 1);
@@ -134,8 +135,12 @@ rfc1035NamePack(char *buf, size_t sz, const char *name)
     for (t = strtok(copy, "."); t; t = strtok(nullptr, "."))
         off += rfc1035LabelPack(buf + off, sz - off, t);
     xfree(copy);
-    off += rfc1035LabelPack(buf + off, sz - off, nullptr);
-    assert(off <= sz);
+
+    // add a terminating root (i.e. zero length) label
+    assert(off < sz);
+    buf[off] = 0;
+    ++off;
+
     return off;
 }