-/* $OpenBSD: asr_utils.c,v 1.20 2022/12/27 17:10:06 jmc Exp $ */
+/* $OpenBSD: asr_utils.c,v 1.21 2023/03/15 22:12:00 millert Exp $ */
/*
* Copyright (c) 2009-2012 Eric Faurot <eric@faurot.net>
*
for (; (n = data[offset]); ) {
if ((n & 0xc0) == 0xc0) {
- if (offset + 2 > len)
+ if (offset + 1 >= len)
return (-1);
ptr = 256 * (n & ~0xc0) + data[offset + 1];
if (ptr >= start)
offset = start = ptr;
continue;
}
- if (offset + n + 1 > len)
+ if (offset + n + 1 >= len)
return (-1);
if (dname_check_label(data + offset + 1, n) == -1)
-/* $OpenBSD: getrrsetbyname_async.c,v 1.12 2022/12/27 17:10:06 jmc Exp $ */
+/* $OpenBSD: getrrsetbyname_async.c,v 1.13 2023/03/15 22:12:00 millert Exp $ */
/*
* Copyright (c) 2012 Eric Faurot <eric@openbsd.org>
*
/* The rest of this file is taken from the original implementation. */
-/* $OpenBSD: getrrsetbyname_async.c,v 1.12 2022/12/27 17:10:06 jmc Exp $ */
+/* $OpenBSD: getrrsetbyname_async.c,v 1.13 2023/03/15 22:12:00 millert Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
struct dns_response *resp;
const u_char *cp;
+ if (size <= HFIXEDSZ)
+ return (NULL);
+
/* allocate memory for the response */
resp = calloc(1, sizeof(*resp));
if (resp == NULL)
int i, length;
char name[MAXDNAME];
- for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+#define NEED(need) \
+ do { \
+ if (*cp + need > answer + size) \
+ goto fail; \
+ } while (0)
- /* allocate and initialize struct */
- curr = calloc(1, sizeof(struct dns_query));
- if (curr == NULL) {
+ for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+ if (*cp >= answer + size) {
+ fail:
free_dns_query(head);
return (NULL);
}
+ /* allocate and initialize struct */
+ curr = calloc(1, sizeof(struct dns_query));
+ if (curr == NULL)
+ goto fail;
if (head == NULL)
head = curr;
if (prev != NULL)
free_dns_query(head);
return (NULL);
}
+ NEED(length);
*cp += length;
/* type */
+ NEED(INT16SZ);
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
+ NEED(INT16SZ);
curr->class = _getshort(*cp);
*cp += INT16SZ;
}
+#undef NEED
return (head);
}
int i, length;
char name[MAXDNAME];
- for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+#define NEED(need) \
+ do { \
+ if (*cp + need > answer + size) \
+ goto fail; \
+ } while (0)
- /* allocate and initialize struct */
- curr = calloc(1, sizeof(struct dns_rr));
- if (curr == NULL) {
+ for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+ if (*cp >= answer + size) {
+ fail:
free_dns_rr(head);
return (NULL);
}
+
+ /* allocate and initialize struct */
+ curr = calloc(1, sizeof(struct dns_rr));
+ if (curr == NULL)
+ goto fail;
if (head == NULL)
head = curr;
if (prev != NULL)
free_dns_rr(head);
return (NULL);
}
+ NEED(length);
*cp += length;
/* type */
+ NEED(INT16SZ);
curr->type = _getshort(*cp);
*cp += INT16SZ;
/* class */
+ NEED(INT16SZ);
curr->class = _getshort(*cp);
*cp += INT16SZ;
/* ttl */
+ NEED(INT32SZ);
curr->ttl = _getlong(*cp);
*cp += INT32SZ;
/* rdata size */
+ NEED(INT16SZ);
curr->size = _getshort(*cp);
*cp += INT16SZ;
/* rdata itself */
+ NEED(curr->size);
curr->rdata = malloc(curr->size);
if (curr->rdata == NULL) {
free_dns_rr(head);
memcpy(curr->rdata, *cp, curr->size);
*cp += curr->size;
}
+#undef NEED
return (head);
}
-/* $OpenBSD: res_comp.c,v 1.22 2022/12/27 17:10:06 jmc Exp $ */
+/* $OpenBSD: res_comp.c,v 1.23 2023/03/15 22:12:00 millert Exp $ */
/*
* ++Copyright++ 1985, 1993
char *eom;
int len = -1, checked = 0;
+ if (comp_dn < msg || comp_dn >= eomorig)
+ return (-1);
+
dn = exp_dn;
cp = comp_dn;
if (length > HOST_NAME_MAX)
* fetch next label in domain name
*/
while ((n = *cp++)) {
+ if (cp >= eomorig) /* out of range */
+ return (-1);
+
/*
* Check for indirection
*/
projects / openbsd / commitdiff