+------------------------------------------------------------
+revno: 10487
+revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+author: Nathan Hoad <nathan@getoffmalawn.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Wed 2013-07-10 06:47:48 -0600
+message:
+ Protect against buffer overrun in DNS query generation
+
+ see SQUID-2013:2.
+
+ This bug has been present as long as the internal DNS component however
+ most code reaching this point is passing through URL validation first.
+ With Squid-3.2 Host header verification using DNS directly we may have
+ problems.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
+# timestamp: 2013-07-10 12:48:57 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3@treenet.co.nz-20130222111325-\
+# zizr296kq3te4g7h
+#
+# Begin patch
+=== modified file 'src/dns_internal.cc'
+--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
++++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
+@@ -1532,22 +1532,26 @@
+ void
+ idnsALookup(const char *name, IDNSCB * callback, void *data)
+ {
+- unsigned int i;
++ size_t nameLength = strlen(name);
++
++ // Prevent buffer overflow on q->name
++ if (nameLength > NS_MAXDNAME) {
++ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
++ callback(data, NULL, 0, "Internal error");
++ return;
++ }
++
++ if (idnsCachedLookup(name, callback, data))
++ return;
++
++ idns_query *q = cbdataAlloc(idns_query);
++ q->id = idnsQueryID();
+ int nd = 0;
+- idns_query *q;
+-
+- if (idnsCachedLookup(name, callback, data))
+- return;
+-
+- q = cbdataAlloc(idns_query);
+-
+- q->id = idnsQueryID();
+-
+- for (i = 0; i < strlen(name); i++)
++ for (unsigned int i = 0; i < nameLength; ++i)
+ if (name[i] == '.')
+ nd++;
+
+- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
++ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
+ q->do_searchpath = 1;
+ } else {
+ q->do_searchpath = 0;
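Review bot: An empty `name` still reaches `name[nameLength-1]` in the `res_defnames` condition near the end of the hunk: with `nameLength == 0` the index wraps to `SIZE_MAX` and the read falls outside the string whenever `Config.onoff.res_defnames && npc > 0` holds, because the added guard rejects only over-long names. A second early exit next to it, `if (nameLength == 0) { callback(data, NULL, 0, "Internal error"); return; }`, would close that, provided no caller depends on empty names being resolved. The guard uses `>`, so a name of exactly `NS_MAXDNAME` bytes passes; that fits only if `q->name` holds `NS_MAXDNAME + 1` bytes, and neither its declaration nor the copy into it is visible here, since idnsALookup's body continues past the hunk. The `debugs()` line also writes the rejected, possibly client-supplied name to the log in full, so printing only its length or a truncated prefix would keep oversized input out of the log.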
+