From d0a4a4bc9387a45bbb8878a6e153a20ce5d2512a Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 28 Apr 2016 11:59:01 +0200
Subject: [PATCH] Add consistency checks to segmentDNSNameRaw()

This fixes most issues found by fuzzing loadRPZFromFile() with
American Fuzzy Lop.
---
 pdns/dnslabeltext.rl | 3 +++
 pdns/dnsname.cc      | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/pdns/dnslabeltext.rl b/pdns/dnslabeltext.rl
index fb3c3d210f..fe64966fd0 100644
--- a/pdns/dnslabeltext.rl
+++ b/pdns/dnslabeltext.rl
@@ -111,6 +111,9 @@ DNSName::string_t segmentDNSNameRaw(const char* realinput)
         unsigned int lenpos=0;
         %%{
                 action labelEnd { 
+                        if (labellen < 0 || labellen > 63) {
+                          throw runtime_error("Unable to parse DNS name '"+string(realinput)+"': invalid label length "+std::to_string(labellen));
+                        }
                         ret[lenpos]=labellen;
                         labellen=0;
                 }
diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index cfc4d4bebe..369fb4f870 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -51,8 +51,12 @@ DNSName::DNSName(const char* p)
       }
       d_storage.append(1, (char)0);
     }
-    else
+    else {
       d_storage=segmentDNSNameRaw(p); 
+      if(d_storage.size() > 255) {
+        throw std::range_error("name too long");
+      }
+    }
   }
 }
 
-- 
2.47.2