From: Remi Gacogne
Date: Wed, 2 Mar 2016 15:57:02 +0000 (+0100)
Subject: Fix end computation in DNSName::packetParser
X-Git-Tag: rec-4.0.0-alpha2~21^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b43f60f363d3b997db088278038226cd094b3b51;p=thirdparty%2Fpdns.git

Fix end computation in DNSName::packetParser

end was computed by end = qpos + offset + len but the offset is already included in len, as seen in the way label compression is handled, by calling packetParser with the same original position and len but an updated offset.
---

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 2b1d269c6f..fece6db044 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -81,8 +81,8 @@ void DNSName::packetParser(const char* qpos, int len, int offset, bool uncompres
 if (offset >= len)
 throw std::range_error("Trying to read past the end of the buffer ("+std::to_string(offset)+ " >= "+std::to_string(len)+")");
- pos += offset;
 const unsigned char* end = pos + len;
+ pos += offset;
 while((labellen=*pos++) && pos < end) { // "scan and copy"
 if(labellen & 0xc0) {
 if(!uncompress)
diff --git a/pdns/test-dnsname_cc.cc b/pdns/test-dnsname_cc.cc
index dc8a6388d5..b2e247a2aa 100644
--- a/pdns/test-dnsname_cc.cc
+++ b/pdns/test-dnsname_cc.cc
@@ -256,6 +256,15 @@ BOOST_AUTO_TEST_CASE(test_PacketParse) {
 DNSPacketWriter dpw1(packet, DNSName("."), QType::AAAA);
 DNSName p((char*)&packet[0], packet.size(), 12, false);
 BOOST_CHECK_EQUAL(p, root);
+ unsigned char* buffer=&packet[0];
+ /* set invalid label len:
+ - packet.size() == 17 (sizeof(dnsheader) + 1 + 2 + 2)
+ - label len < packet.size() but
+ - offset is 12, label len of 15 should be rejected
+ because offset + 15 >= packet.size()
+ */
+ buffer[sizeof(dnsheader)] = 15;
+ BOOST_CHECK_THROW(DNSName((char*)&packet[0], packet.size(), 12, false), std::range_error);
 }
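Review bot: The guard above the reordered lines only rejects `offset >= len`, and both `offset` and `len` are signed `int`, so a negative `offset` passes it and `pos += offset` then points before `qpos`. Whether any caller can supply a negative value is not visible in this hunk, but the check is cheap to tighten: `if (offset < 0 || offset >= len)`. Since the fix depends on `len` being the size of the whole buffer rather than the bytes remaining after `offset`, I would also pin that down next to `end`, for example `// len counts from qpos, not from qpos + offset, so end must be computed before pos is advanced`. The body of packetParser continues outside the hunk, so the label-length checks that rely on `end` are not reviewed here.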
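Review bot: The new case in test_PacketParse uses a label length of 15, which overshoots the 17-byte packet by a wide margin once the offset of 12 is added, so it would not notice an `end` that is wrong by only a few bytes. I would add a boundary case with the smallest length that no longer fits, `buffer[sizeof(dnsheader)] = packet.size() - sizeof(dnsheader);`, followed by the same `BOOST_CHECK_THROW(..., std::range_error)`. That assumes the label-length branch raises the same exception type, which is outside this hunk. The commit message motivates the fix with the compression path, where packetParser is re-entered with the same `len` and a new `offset`, yet no test here goes through a compression pointer. A packet whose pointer target carries an oversized label length would cover that path.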