+2118. [bug] Handle response with long chains of domain name
+ compression pointers which point to other compression
+ pointers. [RT #16427]
+
2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
which could lead to validation failures. named didn't
handle negative DS responses that were in the process
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: name.c,v 1.144.18.15 2006/02/28 03:10:48 marka Exp $ */
+/* $Id: name.c,v 1.144.18.16 2006/12/07 07:03:10 marka Exp $ */
/*! \file */
{
unsigned char *cdata, *ndata;
unsigned int cused; /* Bytes of compressed name data used */
- unsigned int hops, nused, labels, n, nmax;
+ unsigned int nused, labels, n, nmax;
unsigned int current, new_current, biggest_pointer;
isc_boolean_t done;
fw_state state = fw_start;
unsigned char *offsets;
dns_offsets_t odata;
isc_boolean_t downcase;
+ isc_boolean_t seen_pointer;
/*
* Copy the possibly-compressed name at source into target,
- * decompressing it.
+ * decompressing it. Loop prevention is performed by checking
+ * the new pointer against biggest_pointer.
*/
REQUIRE(VALID_NAME(name));
* Set up.
*/
labels = 0;
- hops = 0;
done = ISC_FALSE;
ndata = isc_buffer_used(target);
nused = 0;
+ seen_pointer = ISC_FALSE;
/*
* Find the maximum number of uncompressed target name
while (current < source->active && !done) {
c = *cdata++;
current++;
- if (hops == 0)
+ if (!seen_pointer)
cused++;
switch (state) {
return (DNS_R_BADPOINTER);
biggest_pointer = new_current;
current = new_current;
- cdata = (unsigned char *)source->base +
- current;
- hops++;
- if (hops > DNS_POINTER_MAXHOPS)
- return (DNS_R_TOOMANYHOPS);
+ cdata = (unsigned char *)source->base + current;
+ seen_pointer = ISC_TRUE;
state = fw_start;
break;
default:
* big enough buffer.
*/
return (ISC_R_NOSPACE);
-
}
isc_result_t
projects / thirdparty / bind9.git / commitdiff
