Fix bug 292.

author Wouter Wijngaards <wouter@NLnetLabs.nl>

Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)

committer Wouter Wijngaards <wouter@NLnetLabs.nl>

Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)
author Wouter Wijngaards <wouter@NLnetLabs.nl>
Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)
committer Wouter Wijngaards <wouter@NLnetLabs.nl>
Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)
diff --git a/Changelog b/Changelog

index 5e340794164883dfa76602a50b3b194cfcbdd6fd..811de8cd9158da519db77c5079fa446522143a79 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -6,6 +6,8 @@
           Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
         * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
         * Bugfix: handle escaped characters in TXT rdata.
+       * bug292: no longer crash on malformed domain names where a label is
+         on position 255, which was a buffer overflow by one.
  
  1.6.3  2009-12-04
         * Bugfix: allow for unknown resource records in zonefile with rdlen=0.
diff --git a/wire2host.c b/wire2host.c

index 1ec9046197f2378dbd3fdf638e428fec3b5eb794..c694aa0b9da31479fc66280128b708ed5f0d1b7e 100644 (file)
--- a/wire2host.c
+++ b/wire2host.c
@@ -105,6 +105,10 @@ ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos)
                         return LDNS_STATUS_LABEL_OVERFLOW;
                 }
  
+               /* check space for labelcount itself */
+               if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) {
+                       return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+               }
                 tmp_dname[dname_pos] = label_size;
                 if (label_size > 0) {
                         dname_pos++;
author	Wouter Wijngaards <wouter@NLnetLabs.nl>
	Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)
committer	Wouter Wijngaards <wouter@NLnetLabs.nl>
	Tue, 5 Jan 2010 09:55:40 +0000 (09:55 +0000)
Changelog		patch \| blob \| blame \| history
wire2host.c		patch \| blob \| blame \| history