Permalink
Browse files

rec: Don't choke on escaped content in getZoneCuts()

`getZoneCuts()` was constructing a `DNSName` by passing a raw label returned
from `DNSName::getRawLabels()` as a string. The constructor then tried to handle
escaped characters from the string, resulting in a different `DNSName` than the
expected one. This caused the `qname != begin` condition to be false even after
every label in `labelsToAdd` had been added, causing an UB by calling
`std::vector::back()` on an empty vector.
Using `DNSName::prependRawLabel()` instead prevents this issue since the string is
not escaped.

(cherry picked from commit 754914f)
  • Loading branch information...
1 parent 49077a2 commit 0f707cd8e8d9c786b968f643a5f30f399918aaae @rgacogne rgacogne committed Dec 19, 2016
Showing with 1 addition and 1 deletion.
  1. +1 −1 pdns/validate.cc
View
@@ -124,7 +124,7 @@ vector<DNSName> getZoneCuts(const DNSName& begin, const DNSName& end, DNSRecordO
// The shortest name is assumed to a zone cut
ret.push_back(qname);
while(qname != begin) {
- qname = DNSName(labelsToAdd.back()) + qname;
+ qname.prependRawLabel(labelsToAdd.back());
labelsToAdd.pop_back();
bool foundCut = false;
auto records = dro.get(qname, (uint16_t)QType::NS);

0 comments on commit 0f707cd

Please sign in to comment.