rainlance/c-ares
1
0
Fork 0
mirror of https://frontier.innolan.net/rainlance/c-ares.git synced 2025-10-05 23:49:38 +00:00
Code Releases Activity

protocol parsing: check input data stricter

Browse Source 
... so that bad length fields aren't blindly accepted

Bug: http://c-ares.haxx.se/mail/c-ares-archive-2013-04/0016.shtml
This commit is contained in:
Patrick Valsecchi
2013-04-15 22:28:01 +02:00
committed by Daniel Stenberg
parent 2004a7a111
commit 148c8e0353
9 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ares_parse_naptr_reply.c
View File

@ -105,6 +105,11 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
rr_class = DNS_RR_CLASS (aptr);
rr_len = DNS_RR_LEN (aptr);
aptr += RRFIXEDSZ;
if (aptr + rr_len > abuf + alen)
{
status = ARES_EBADRESP;
break;
}
/* Check if we are really looking at a NAPTR record */
if (rr_class == C_IN && rr_type == T_NAPTR)