From: Nikhil Agrawal Date: Thu, 20 Dec 2018 05:20:59 +0000 (+0530) Subject: BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error X-Git-Tag: v2.0-dev0~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2fa66c3b9348d179e478d3d584471ee8989c3f6e;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error In dns_read_name() when dns name is used with compression and start position of name is greater than 255 name read is incorrect and causes invalid dns error. eg: 0xc11b c specifies name compression being used. 11b represent the start position of name but currently we are using only 1b for start position. This should be backported as far as 1.7. --- diff --git a/src/dns.c b/src/dns.c index 78d8f52f21..1d91e43819 100644 --- a/src/dns.c +++ b/src/dns.c @@ -417,7 +417,7 @@ int dns_read_name(unsigned char *buffer, unsigned char *bufend, if (depth++ > 100) goto err; - n = dns_read_name(buffer, bufend, buffer + reader[1], + n = dns_read_name(buffer, bufend, buffer + (*reader & 0x3f)*256 + reader[1], dest, dest_len - nb_bytes, offset, depth); if (n == 0) goto err;
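Review bot: the offset in the changed argument, (*reader & 0x3f)*256 + reader[1], can now reach 16383, and nothing in the visible context checks that buffer plus that offset is still below bufend before the recursive dns_read_name() call. Unless the callee validates its reader argument on entry, compute the offset into a local first and goto err when the target is at or past bufend; also confirm that reader + 1 is inside the buffer before reader[1] is read. The depth++ > 100 guard does bound pointer loops, but a compression pointer that targets itself or a later position still recurses until that limit is hit, so rejecting any target that is not strictly before the current reader would fail faster. Style: the new line runs well past 80 columns and mixes *reader with reader[1]; a named local such as ((reader[0] & 0x3f) << 8) | reader[1] would read more clearly and make the 14-bit pointer format explicit.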