diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2013-11-28 23:47:49 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2013-11-28 23:47:49 +0100 |
| commit | ad3ba8838d82267cbafa5d293b86e2eef41fa9c5 (patch) | |
| tree | 32d56fbe3781978eb4ca7c6975f1935ec764f0a5 | |
| parent | b77eda8fc739976e6894186f9610f2c955a2fe01 (diff) | |
ndb/dns: check bad name length in convM2DNS.c:^gname()
| -rw-r--r-- | sys/src/cmd/ndb/convM2DNS.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sys/src/cmd/ndb/convM2DNS.c b/sys/src/cmd/ndb/convM2DNS.c index c2b94c98d..d920462ce 100644 --- a/sys/src/cmd/ndb/convM2DNS.c +++ b/sys/src/cmd/ndb/convM2DNS.c @@ -226,17 +226,21 @@ gname(char *to, RR *rp, Scan *sp) goto err; pointer = 0; p = sp->p; - if (p == nil) { + if(p == nil) { dnslog("gname: %R: nil sp->p", rp); goto err; } toend = to + Domlen; for(len = 0; *p && p < sp->ep; len += (pointer? 0: n+1)) { n = 0; - switch (*p & 0300) { + switch(*p & 0300) { case 0: /* normal label */ - if (p < sp->ep) + if(p < sp->ep) n = *p++ & 077; /* pick up length */ + if(sp->ep - p <= n){ + sp->err = "bad name length"; + goto err; + } if(len + n < Domlen - 1){ if(n > toend - to){ errtoolong(rp, sp, toend - to, n, |