BUG/MINOR: resolvers: fix risk of appending garbage past the domain name

The previous fix 75f72c2eb ("BUG/MEDIUM: resolvers: Fix test on dn label
size in resolv_dn_label_to_str()") may still leave garbage from the input
buffer into the response: if a component length is passed as zero, it
should mark the end, but instead a dot will be emitted, and whatever
follows it in the input buffer would continue to be appended as extra
components. While having no direct consequences beyond the domain not
being properly decoded, it could at least complicate troubleshooting.

This should be backported where the fix above is backported.

diff --git a/src/resolvers.c b/src/resolvers.c
index 5308eaeb77e3718f5372c5010a1faa9626294bfe..7bf245dbc1714d18951b6afeaacfa793c5f3eba8 100644 (file)
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1857,6 +1857,9 @@ int resolv_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len)
        for (i = 0; i < dn_len; ++i) {
                sz = (unsigned char)dn[i];
 
+               if (!sz)
+                       break;
+
                /* Check str_len adding 1 for the dot if (i!=0) and 1 for null terminator */
                if (str_len < sz+i+(!!i)+1)
                        return -1;