projects
/
musl
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix out-of-bounds reads in __dns_parse
[musl]
/
src
/
network
/
dns_parse.c
diff --git
a/src/network/dns_parse.c
b/src/network/dns_parse.c
index
e6ee19d
..
320df60
100644
(file)
--- a/
src/network/dns_parse.c
+++ b/
src/network/dns_parse.c
@@
-15,17
+15,17
@@
int __dns_parse(const unsigned char *r, int rlen, int (*callback)(void *, int, c
if (qdcount+ancount > 64) return -1;
while (qdcount--) {
while (p-r < rlen && *p-1U < 127) p++;
if (qdcount+ancount > 64) return -1;
while (qdcount--) {
while (p-r < rlen && *p-1U < 127) p++;
- if (
*p>193 || (*p==193 && p[1]>254) || p>r+rlen-6
)
+ if (
p>r+rlen-6 || *p>193 || (*p==193 && p[1]>254)
)
return -1;
p += 5 + !!*p;
}
while (ancount--) {
while (p-r < rlen && *p-1U < 127) p++;
return -1;
p += 5 + !!*p;
}
while (ancount--) {
while (p-r < rlen && *p-1U < 127) p++;
- if (
*p>193 || (*p==193 && p[1]>254) || p>r+rlen-6
)
+ if (
p>r+rlen-12 || *p>193 || (*p==193 && p[1]>254)
)
return -1;
p += 1 + !!*p;
len = p[8]*256 + p[9];
return -1;
p += 1 + !!*p;
len = p[8]*256 + p[9];
- if (
p+len > r+rlen
) return -1;
+ if (
len+10 > r+rlen-p
) return -1;
if (callback(ctx, p[1], p+10, len, r) < 0) return -1;
p += 10 + len;
}
if (callback(ctx, p[1], p+10, len, r) < 0) return -1;
p += 10 + len;
}