int n = 0, offset, indir = 0;
/* Allow the caller to pass us abuf + alen and have us check for it. */
- if (encoded == abuf + alen)
+ if (encoded >= abuf + alen)
return -1;
while (*encoded)
rr_len = DNS_RR_LEN(aptr);
rr_ttl = DNS_RR_TTL(aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ free(rr_name);
+ status = ARES_EBADRESP;
+ break;
+ }
if (rr_class == C_IN && rr_type == T_A
&& rr_len == sizeof(struct in_addr)
rr_len = DNS_RR_LEN(aptr);
rr_ttl = DNS_RR_TTL(aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ free(rr_name);
+ status = ARES_EBADRESP;
+ break;
+ }
if (rr_class == C_IN && rr_type == T_AAAA
&& rr_len == sizeof(struct ares_in6_addr)
rr_class = DNS_RR_CLASS (aptr);
rr_len = DNS_RR_LEN (aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a MX record */
if (rr_class == C_IN && rr_type == T_MX)
rr_class = DNS_RR_CLASS (aptr);
rr_len = DNS_RR_LEN (aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a NAPTR record */
if (rr_class == C_IN && rr_type == T_NAPTR)
rr_class = DNS_RR_CLASS( aptr );
rr_len = DNS_RR_LEN( aptr );
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ free(rr_name);
+ status = ARES_EBADRESP;
+ break;
+ }
if ( rr_class == C_IN && rr_type == T_NS )
{
rr_class = DNS_RR_CLASS(aptr);
rr_len = DNS_RR_LEN(aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ free(rr_name);
+ status = ARES_EBADRESP;
+ break;
+ }
if (rr_class == C_IN && rr_type == T_PTR
&& strcasecmp(rr_name, ptrname) == 0)
status = ARES_ENOMEM;
}
for (i=0 ; i<aliascnt ; i++)
- if (aliases[i])
+ if (aliases[i])
free(aliases[i]);
free(aliases);
if (hostname)
rr_class = DNS_RR_CLASS (aptr);
rr_len = DNS_RR_LEN (aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a SRV record */
if (rr_class == C_IN && rr_type == T_SRV)
rr_class = DNS_RR_CLASS (aptr);
rr_len = DNS_RR_LEN (aptr);
aptr += RRFIXEDSZ;
+ if (aptr + rr_len > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
/* Check if we are really looking at a TXT record */
if (rr_class == C_IN && rr_type == T_TXT)
strptr += substr_len + 1;
}
+ if (strptr != (aptr + rr_len))
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
+
/* Including null byte */
txt_curr->txt = malloc (txt_curr->length + 1);
if (txt_curr->txt == NULL)