fix out-of-bounds reads in __dns_parse

[musl] / src / network / dns_parse.c

diff --git a/src/network/dns_parse.c b/src/network/dns_parse.c
index e6ee19d..320df60 100644 (file)
--- a/src/network/dns_parse.c
+++ b/src/network/dns_parse.c
@@ -15,17 +15,17 @@ int __dns_parse(const unsigned char *r, int rlen, int (*callback)(void *, int, c
        if (qdcount+ancount > 64) return -1;
        while (qdcount--) {
                while (p-r < rlen && *p-1U < 127) p++;
-               if (*p>193 || (*p==193 && p[1]>254) || p>r+rlen-6)
+               if (p>r+rlen-6 || *p>193 || (*p==193 && p[1]>254))
                        return -1;
                p += 5 + !!*p;
        }
        while (ancount--) {
                while (p-r < rlen && *p-1U < 127) p++;
-               if (*p>193 || (*p==193 && p[1]>254) || p>r+rlen-6)
+               if (p>r+rlen-12 || *p>193 || (*p==193 && p[1]>254))
                        return -1;
                p += 1 + !!*p;
                len = p[8]*256 + p[9];
-               if (p+len > r+rlen) return -1;
+               if (len+10 > r+rlen-p) return -1;
                if (callback(ctx, p[1], p+10, len, r) < 0) return -1;
                p += 10 + len;
        }