2118. [bug] Handle response with long chains of domain name
compression pointers which point to other compression
pointers. [RT #16427]
This commit is contained in:
Mark Andrews
4
CHANGES
4
CHANGES
@@ -1,3 +1,7 @@
|
||||
2118. [bug] Handle response with long chains of domain name
|
||||
compression pointers which point to other compression
|
||||
pointers. [RT #16427]
|
||||
|
||||
2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
|
||||
which could lead to validation failures. named didn't
|
||||
handle negative DS responses that were in the process
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: name.c,v 1.160 2006/12/04 01:52:46 marka Exp $ */
|
||||
/* $Id: name.c,v 1.161 2006/12/07 06:57:46 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
@@ -1722,7 +1722,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
{
|
||||
unsigned char *cdata, *ndata;
|
||||
unsigned int cused; /* Bytes of compressed name data used */
|
||||
unsigned int hops, nused, labels, n, nmax;
|
||||
unsigned int nused, labels, n, nmax;
|
||||
unsigned int current, new_current, biggest_pointer;
|
||||
isc_boolean_t done;
|
||||
fw_state state = fw_start;
|
||||
@@ -1730,10 +1730,12 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
unsigned char *offsets;
|
||||
dns_offsets_t odata;
|
||||
isc_boolean_t downcase;
|
||||
isc_boolean_t seen_pointer;
|
||||
|
||||
/*
|
||||
* Copy the possibly-compressed name at source into target,
|
||||
* decompressing it.
|
||||
* decompressing it. Loop prevention is performed by checking
|
||||
* the new pointer against biggest_pointer.
|
||||
*/
|
||||
|
||||
REQUIRE(VALID_NAME(name));
|
||||
@@ -1767,11 +1769,11 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
* Set up.
|
||||
*/
|
||||
labels = 0;
|
||||
hops = 0;
|
||||
done = ISC_FALSE;
|
||||
|
||||
ndata = isc_buffer_used(target);
|
||||
nused = 0;
|
||||
seen_pointer = ISC_FALSE;
|
||||
|
||||
/*
|
||||
* Find the maximum number of uncompressed target name
|
||||
@@ -1797,7 +1799,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
while (current < source->active && !done) {
|
||||
c = *cdata++;
|
||||
current++;
|
||||
if (hops == 0)
|
||||
if (!seen_pointer)
|
||||
cused++;
|
||||
|
||||
switch (state) {
|
||||
@@ -1853,11 +1855,8 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
return (DNS_R_BADPOINTER);
|
||||
biggest_pointer = new_current;
|
||||
current = new_current;
|
||||
cdata = (unsigned char *)source->base +
|
||||
current;
|
||||
hops++;
|
||||
if (hops > DNS_POINTER_MAXHOPS)
|
||||
return (DNS_R_TOOMANYHOPS);
|
||||
cdata = (unsigned char *)source->base + current;
|
||||
seen_pointer = ISC_TRUE;
|
||||
state = fw_start;
|
||||
break;
|
||||
default:
|
||||
@@ -1893,7 +1892,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source,
|
||||
* big enough buffer.
|
||||
*/
|
||||
return (ISC_R_NOSPACE);
|
||||
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
|
||||
Reference in New Issue
Block a user