From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 13 Apr 2015 11:52:42 +0000 (+0200)
Subject: fix forward reference-check in getLabelFromContent()
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~13^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc544e80f94481619719137063b460c50116dee5;p=thirdparty%2Fpdns.git

fix forward reference-check in getLabelFromContent()
---

diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
index 77105d10bf..f6fc711566 100644
--- a/pdns/dnsparser.cc
+++ b/pdns/dnsparser.cc
@@ -462,6 +462,7 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
   if(recurs > 1000) // the forward reference-check below should make this test 100% obsolete
     throw MOADNSException("Loop");
   // it is tempting to call reserve on ret, but it turns out it creates a malloc/free storm in the loop
+  int pos = frompos;
   for(;;) {
     unsigned char labellen=content.at(frompos++);
 
@@ -474,7 +475,7 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
       uint16_t offset=256*(labellen & ~0xc0) + (unsigned int)content.at(frompos++) - sizeof(dnsheader);
       //        cout<<"This is an offset, need to go to: "<<offset<<endl;
 
-      if(offset >= frompos-2)
+      if(offset >= pos-2)
         throw MOADNSException("forward reference during label decompression");
       return getLabelFromContent(content, offset, ret, ++recurs);
     }