From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 8 Oct 2021 14:12:03 +0000 (-0400)
Subject: ignore blocks which are too big
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d032baa181b8d218417890f827f1e0823961267a;p=thirdparty%2Ffreeradius-server.git

ignore blocks which are too big

i.e. greater than what we can represent in a compressed pointer
---

diff --git a/src/lib/util/dns.c b/src/lib/util/dns.c
index ef5a789ac7b..f63836bfe9a 100644
--- a/src/lib/util/dns.c
+++ b/src/lib/util/dns.c
@@ -52,6 +52,8 @@ fr_dns_labels_t *fr_dns_labels_init(TALLOC_CTX *ctx, uint8_t const *packet, int
 	return lb;
 }
 
+#define MAX_OFFSET (1 << 14)
+
 static int dns_label_add(fr_dns_labels_t *lb, uint8_t const *start, uint8_t const *end)
 {
 	size_t offset, size = end - start;
@@ -67,15 +69,15 @@ static int dns_label_add(fr_dns_labels_t *lb, uint8_t const *start, uint8_t cons
 	fr_assert(end >= start);
 
 	offset = start - lb->start;
-	fr_assert(offset < 65536);
-	fr_assert(size < 65535);
-	fr_assert((offset + size) < 65535);
 
-	FR_PROTO_TRACE("adding label at offset %zu", offset);
+	/*
+	 *	DNS packets can be up to 64K in size, but the
+	 *	compressed pointers can only be up to 2^14 in size.
+	 *	So we just ignore offsets which are greater than 2^14.
+	 */
+	if ((offset + size) >= MAX_OFFSET) return 0;
 
-	if (offset > 65535) return -1;
-	if (size > 65535) return -1;
-	if ((offset + size) > 65535) return -1;
+	FR_PROTO_TRACE("adding label at offset %zu", offset);
 
 	/*
 	 *	We add blocks append-only.  No adding new blocks in