From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 17 Mar 2015 16:22:04 +0000 (+0000)
Subject: extra sanity check for integer overflow.
X-Git-Tag: release-1.5.4~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9e1b464a6009bc6b1699e990be8b4e9372662f4;p=thirdparty%2Funbound.git

extra sanity check for integer overflow.


git-svn-id: file:///svn/unbound/trunk@3368 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 68bcfd09e..c87c666ac 100644
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -87,6 +87,7 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
 	/* rrset_count-1 because the first ref is part of the struct. */
 	size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) +
 		sizeof(struct ub_packed_rrset_key*) * total;
+	if(total >= 0xffffff) return NULL; /* sanity check on numRRS*/
 	if(region)
 		rep = (struct reply_info*)regional_alloc(region, s);
 	else	rep = (struct reply_info*)malloc(s +