From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 10 May 2019 16:04:38 +0000 (+0200)
Subject: Ensure a valid range to string() in PacketReader::getUnquotedText()
X-Git-Tag: rec-4.2.0-rc1~19^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F7813%2Fhead;p=thirdparty%2Fpdns.git

Ensure a valid range to string() in PacketReader::getUnquotedText()

In some cases we might have called:

string::string(InputIt first, InputIt last)

with last < first, which is invalid.

libstdc++ handles that gracefully by throwing an out-of-range exception
but libc++ tries to allocate a negative value of bytes, which in turns
triggers a request for a very large memory allocation, which fails.
---

diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
index 233258a3ef..f89ff3f67a 100644
--- a/pdns/dnsparser.cc
+++ b/pdns/dnsparser.cc
@@ -484,6 +484,11 @@ string PacketReader::getUnquotedText(bool lenField)
   else
     stop_at = d_recordlen;
 
+  /* think unsigned overflow */
+  if (stop_at < d_pos) {
+    throw std::out_of_range("getUnquotedText out of record range");
+  }
+
   if(stop_at == d_pos)
     return "";