+3 February 2022: Wouter
+ - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
+
2 February 2022: George
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #616: Update ratelimit logic. It also introduces
unsigned i, counter=0;
unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */
int in_buf = 1;
+ size_t dname_len = 0;
if(comprloop) {
if(*comprloop != 0)
maxcompr = 30; /* for like ipv6 reverse name, per label */
labellen = (uint8_t)*dlen;
else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
labellen = (uint8_t)(pkt + pktlen - pos);
+ dname_len += ((size_t)labellen)+1;
+ if(dname_len > LDNS_MAX_DOMAINLEN) {
+ /* dname_len counts the uncompressed length we have
+ * seen so far, and the domain name has become too
+ * long, prevent the loop from printing overly long
+ * content. */
+ w += sldns_str_print(s, slen,
+ "ErrorDomainNameTooLong");
+ return w;
+ }
for(i=0; i<(unsigned)labellen; i++) {
w += dname_char_print(s, slen, *pos++);
}
projects / thirdparty / unbound.git / commitdiff
