extra sanity check for integer overflow.

git-svn-id: file:///svn/unbound/trunk@3368 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 68bcfd09ee39423c10734ae24d1b1dfc93a03c28..c87c666ac5e69101a71a069f716d6e0f5e3777cc 100644 (file)
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -87,6 +87,7 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
        /* rrset_count-1 because the first ref is part of the struct. */
        size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) +
                sizeof(struct ub_packed_rrset_key*) * total;
+       if(total >= 0xffffff) return NULL; /* sanity check on numRRS*/
        if(region)
                rep = (struct reply_info*)regional_alloc(region, s);
        else    rep = (struct reply_info*)malloc(s +