From: Willem Toorop <willem@NLnetLabs.nl>
Date: Wed, 24 Aug 2011 20:04:48 +0000 (+0000)
Subject: Fix heap overflow problem thanks to david keeler: bug #403
X-Git-Tag: release-1.6.11rc1~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=637072dd8a4118bfedfaaf0f8ab6b1ed53301d88;p=thirdparty%2Fldns.git

Fix heap overflow problem thanks to david keeler: bug #403
---

diff --git a/rr.c b/rr.c
index 464a62c8..bfdcf0ba 100644
--- a/rr.c
+++ b/rr.c
@@ -431,7 +431,10 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 						cur_hex_data_size = 0;
 						while(cur_hex_data_size < 2 * hex_data_size) {
 							c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN);
-							if (c == -1) {
+							if (c != -1) {
+								rd_strlen = strlen(rd);
+							}
+							if (c == -1 || cur_hex_data_size + rd_strlen > 2 * hex_data_size) {
 								LDNS_FREE(hex_data_str);
 								LDNS_FREE(rd);
 								LDNS_FREE(b64);
@@ -441,7 +444,6 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 								ldns_rr_free(new);
 								return LDNS_STATUS_SYNTAX_RDATA_ERR;
 							}
-							rd_strlen = strlen(rd);
 							strncpy(hex_data_str + cur_hex_data_size, rd, rd_strlen);
 							cur_hex_data_size += rd_strlen;
 						}