ares_parse_naptr_reply: make buffer length check more accurate

9478908 introduced a length check for records parsed by `ares_parse_naptr_reply()`. However, that function is designed to parse replies which also contain non-NAPTR records; for A records, the `rr_len > 7` check will fail as there are only 4 bytes of payload. In particular, parsing ANY replies for NAPTR records was broken by that patch. Fix that by moving the check into the case in which it is already known that the record is a NAPTR record.
c-ares · Jul 15, 2017 · 18ea996 · 18ea996
1 parent df9af31
commit 18ea996
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/ares_parse_naptr_reply.c b/ares_parse_naptr_reply.c
@@ -110,18 +110,19 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
           status = ARES_EBADRESP;
           break;
         }
-      /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
-      if (rr_len < 7)
-        {
-          status = ARES_EBADRESP;
-          break;
-        }
 
       /* Check if we are really looking at a NAPTR record */
       if (rr_class == C_IN && rr_type == T_NAPTR)
         {
           /* parse the NAPTR record itself */
 
+          /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
+          if (rr_len < 7)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+
           /* Allocate storage for this NAPTR answer appending it to the list */
           naptr_curr = ares_malloc_data(ARES_DATATYPE_NAPTR_REPLY);
           if (!naptr_curr)