
Commit 58c893e

committed
Fixed infinite loop caused by invalid dns packets
1 parent ed28c1b commit 58c893e


1 file changed

+9
-2
lines changed


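--- a/src/dns.cpp
+++ b/src/dns.cpp
@@ -800,6 +800,8 @@ DNSInfo DNSRequest::ResultIsReady(DNSHeader &header, unsigned length)
 */
 case DNS_QUERY_CNAME:
 case DNS_QUERY_PTR:
+{
+unsigned short lowest_pos = length;
 o = 0;
 q = 0;
 while (q == 0 && i < length && o + 256 < 1023)
@@ -812,14 +814,18 @@ DNSInfo DNSRequest::ResultIsReady(DNSHeader &header, unsigned length)
 i = ntohs(ptr);
 
 /* check that highest two bits are set. if not, we've been had */
-if (!(i & DN_COMP_BITMASK))
+if ((i & DN_COMP_BITMASK) != DN_COMP_BITMASK)
 return std::make_pair((unsigned char *) NULL, "DN label decompression header is bogus");
 
 /* mask away the two highest bits. */
 i &= ~DN_COMP_BITMASK;
 
 /* and decrease length by 12 bytes. */
-i =- 12;
+i -= 12;
+
+if (i >= lowest_pos)
+return std::make_pair((unsigned char *) NULL, "Invalid decompression pointer");
+lowest_pos = i;
 }
 else
 {
@@ -843,6 +849,7 @@ DNSInfo DNSRequest::ResultIsReady(DNSHeader &header, unsigned length)
 }
 }
 res[o] = 0;
+}
 break;
 case DNS_QUERY_AAAA:
 if (rr.rdlength != sizeof(struct in6_addr))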
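Review bot: The subtraction `i -= 12;` in the second hunk is still unguarded against a compression pointer whose masked offset is below 12, i.e. one that points into the DNS header. If `i` is unsigned (its declaration is outside the hunk) the value wraps and the new `i >= lowest_pos` test happens to reject it, but if it is signed the negative value passes that test and is then stored into `lowest_pos`. An explicit `if (i < 12) return std::make_pair((unsigned char *) NULL, "Invalid decompression pointer");` before the subtraction would make the rejection independent of the type. In the first hunk, `unsigned short lowest_pos = length;` narrows the `unsigned` parameter, so `unsigned lowest_pos = length;` would avoid truncation for lengths above 65535. The body of ResultIsReady starts and ends outside these hunks.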
