From: Alex <bigalex934@gmail.com>
Date: Sun, 24 Dec 2023 21:38:23 +0000 (+0000)
Subject: Avoid UB when packing a domain name (#1613)
X-Git-Tag: SQUID_7_0_1~248
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be4bca3da26367e309e8a0010e91b14b2df07b9b;p=thirdparty%2Fsquid.git

Avoid UB when packing a domain name (#1613)

rfc1035NamePack() called rfc1035LabelPack() with a nil label buffer.
Feeding memcpy() a nil buffer is undefined behavior, even if size is 0.
---

diff --git a/src/dns/rfc1035.cc b/src/dns/rfc1035.cc
index 1d022b7aae..1b0be10aba 100644
--- a/src/dns/rfc1035.cc
+++ b/src/dns/rfc1035.cc
@@ -100,10 +100,11 @@ rfc1035HeaderPack(char *buf, size_t sz, rfc1035_message * hdr)
 static int
 rfc1035LabelPack(char *buf, size_t sz, const char *label)
 {
+    assert(label);
+    assert(!strchr(label, '.'));
+
     int off = 0;
-    size_t len = label ? strlen(label) : 0;
-    if (label)
-        assert(!strchr(label, '.'));
+    auto len = strlen(label);
     if (len > RFC1035_MAXLABELSZ)
         len = RFC1035_MAXLABELSZ;
     assert(sz >= len + 1);
@@ -134,8 +135,12 @@ rfc1035NamePack(char *buf, size_t sz, const char *name)
     for (t = strtok(copy, "."); t; t = strtok(nullptr, "."))
         off += rfc1035LabelPack(buf + off, sz - off, t);
     xfree(copy);
-    off += rfc1035LabelPack(buf + off, sz - off, nullptr);
-    assert(off <= sz);
+
+    // add a terminating root (i.e. zero length) label
+    assert(off < sz);
+    buf[off] = 0;
+    ++off;
+
     return off;
 }