From: Remi Gacogne <rgacogne-github@coredump.fr>
Date: Fri, 27 Nov 2015 14:06:32 +0000 (+0100)
Subject: Check that offset < len in DNSName constructor
X-Git-Tag: dnsdist-1.0.0-alpha1~184^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2948%2Fhead;p=thirdparty%2Fpdns.git

Check that offset < len in DNSName constructor

Otherwise, we might call memchr() with garbage, as len and offset
are signed but memchr()'s n is unsigned (size_t).
---

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 8bee721a84..9aed6e1f4c 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -32,6 +32,9 @@ DNSName::DNSName(const char* p)
 
 DNSName::DNSName(const char* pos, int len, int offset, bool uncompress, uint16_t* qtype, uint16_t* qclass, unsigned int* consumed)
 {
+  if (offset >= len)
+    throw std::range_error("Trying to read past the end of the buffer");
+
   if(!uncompress) {
     if(const void * fnd=memchr(pos+offset, 0, len-offset)) {
       d_storage.reserve(2+(const char*)fnd-(pos+offset));