From c6d5a9431ec28b8af03d20fe1914916f22e6dcff Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 13 Apr 2015 22:48:50 +0200
Subject: [PATCH] check compression pointers

---
 pdns/dnsname.cc         | 5 ++++-
 pdns/test-dnsname_cc.cc | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 4c723005c3..26c54fdc31 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -39,7 +39,10 @@ void DNSName::packetParser(const char* pos, int len, int offset, bool uncompress
       labellen &= (~0xc0);
       int newpos = (labellen << 8) + *(const unsigned char*)pos;
 
-      packetParser(opos, len, newpos, labelAdded);
+      if(newpos < len)
+        packetParser(opos, len, newpos, labelAdded);
+      else
+        throw std::range_error("Found an invalid compression pointer");
       pos++;
       break;
     }
diff --git a/pdns/test-dnsname_cc.cc b/pdns/test-dnsname_cc.cc
index 42d6449572..f48f5e26da 100644
--- a/pdns/test-dnsname_cc.cc
+++ b/pdns/test-dnsname_cc.cc
@@ -381,6 +381,13 @@ BOOST_AUTO_TEST_CASE(test_compression) { // Compression test
   BOOST_CHECK_EQUAL(dn.toString(), "www.example.com.");
 }
 
+BOOST_AUTO_TEST_CASE(test_bad_compression_pointer) { // Pointing beyond packet boundary
+
+  std::string name("\x03""com\x00""\x07""example\xc0""\x11""xc0""\x00", 17);
+
+  BOOST_CHECK_THROW(DNSName dn(name.c_str(), name.length(), 5, true), std::range_error);
+}
+
 BOOST_AUTO_TEST_CASE(test_compression_loop) { // Compression loop (add one label)
 
   std::string name("\x03""www\xc0""\x00", 6);
-- 
2.47.2