import CVE-2015-1868 patch

diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
index 5a65f0b6162249ece44b1baeaa9c766358fa7f72..5415290eb2ee4630c9f59b21afd0a578e90349d2 100644 (file)
--- a/pdns/dnsparser.cc
+++ b/pdns/dnsparser.cc
@@ -433,9 +433,10 @@ string PacketReader::getText(bool multi)
 
 void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs) 
 {
-  if(recurs > 1000) // the forward reference-check below should make this test 100% obsolete
+  if(recurs > 100) // the forward reference-check below should make this test 100% obsolete
     throw MOADNSException("Loop");
 
+  int pos = frompos;
   for(;;) {
     unsigned char labellen=content.at(frompos++);
 
@@ -448,7 +449,7 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
       uint16_t offset=256*(labellen & ~0xc0) + (unsigned int)content.at(frompos++) - sizeof(dnsheader);
       //        cout<<"This is an offset, need to go to: "<<offset<<endl;
 
-      if(offset >= frompos-2)
+      if(offset >= pos)
         throw MOADNSException("forward reference during label decompression");
       return getLabelFromContent(content, offset, ret, ++recurs);
     }