From: Wouter Wijngaards <wouter@NLnetLabs.nl>
Date: Tue, 5 Jan 2010 09:55:40 +0000 (+0000)
Subject: Fix bug 292.
X-Git-Tag: release-1.6.4~15
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d65ea17d32523ecae76765a4e8d22e20011efdc5;p=thirdparty%2Fldns.git

Fix bug 292.
---

diff --git a/Changelog b/Changelog
index 5e340794..811de8cd 100644
--- a/Changelog
+++ b/Changelog
@@ -6,6 +6,8 @@
 	  Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
 	* Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
 	* Bugfix: handle escaped characters in TXT rdata.
+	* bug292: no longer crash on malformed domain names where a label is
+	  on position 255, which was a buffer overflow by one.
 
 1.6.3	2009-12-04
 	* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
diff --git a/wire2host.c b/wire2host.c
index 1ec90461..c694aa0b 100644
--- a/wire2host.c
+++ b/wire2host.c
@@ -105,6 +105,10 @@ ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos)
 			return LDNS_STATUS_LABEL_OVERFLOW;
 		}
 
+		/* check space for labelcount itself */
+		if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) {
+			return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+		}
 		tmp_dname[dname_pos] = label_size;
 		if (label_size > 0) {
 			dname_pos++;