And even more protection from CERT vulnerability VU#264212

samboy · Dec 14, 2014 · c5c4930 · c5c4930
1 parent 1f694df
commit c5c4930
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/deadwood-github/src/DwRecurse.c b/deadwood-github/src/DwRecurse.c
@@ -2887,6 +2887,7 @@ int dwx_do_glueless_inflight(int32_t conn_number, int already, int type) {
 void dwx_do_glueless_new(dw_str *query, int32_t conn_number, int type) {
         int32_t new_conn_num = 0;
         int num_alloc = 0;
+	int depth = 0;
         dw_str *packet = 0;
 
         num_alloc = key_n[DWM_N_max_inflights];
@@ -2900,6 +2901,23 @@ void dwx_do_glueless_new(dw_str *query, int32_t conn_number, int type) {
                 return;
         }
 
+	/* Make sure we "bubble up" the fact we have made a new query */
+	new_conn_num = conn_number;
+	depth = 0;
+	while(rem[conn_number].num_locals > 0 && 
+	      rem[conn_number].local != 0 && 
+	      depth < 30) {	
+		if(rem[conn_number].local[0] != 0) {
+			conn_number = rem[conn_number].local[0]->glueless_conn;
+		}
+		rem[conn_number].recurse_depth++;
+        	if(rem[conn_number].recurse_depth > 83) {
+                	return;
+        	}
+		depth++;
+	}
+	conn_number = new_conn_num;
+
 	rem[conn_number].recurse_depth++;
 
         new_conn_num = find_free_remote();

diff --git a/deadwood-github/src/DwSocket.c b/deadwood-github/src/DwSocket.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2012 Sam Trenholme
+/* Copyright (c) 2007-2014 Sam Trenholme
  * IPv6 code by Jean-Jacques Sarton
  *
  * TERMS