From 5ed5452823a5da7d7a7b36d5a42d3edc09f2342f Mon Sep 17 00:00:00 2001
From: Trent Lloyd
Date: Sat, 16 Dec 2006 15:10:48 +0000
Subject: * avahi-core/dns.c#consume_labels(): Add some additional checks on the compressed label location
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1342 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
---
 avahi-core/dns.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/avahi-core/dns.c b/avahi-core/dns.c
index a3ec0e6..b31aa20 100644
--- a/avahi-core/dns.c
+++ b/avahi-core/dns.c
@@ -332,6 +332,7 @@ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_
 int ret = 0;
 int compressed = 0;
 int first_label = 1;
+ unsigned label_ptr;
 int i;
 assert(p && ret_name && l);
@@ -385,7 +386,12 @@ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_
 if (idx+2 > p->size)
 return -1;
- idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+ label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1];
+
+ if ((label_ptr < AVAHI_DNS_PACKET_HEADER_SIZE) || (label_ptr >= idx))
+ return -1;
+
+ idx = label_ptr;
 if (!compressed)
 ret += 2;
--
cgit
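Review bot: The new upper bound `label_ptr >= idx` in the second hunk compares the target with the offset of the pointer itself, so a pointer that lands on an earlier label of the same name still passes, and parsing then walks forward into that same pointer again. Whether that repetition ends depends on code outside this hunk (presumably the loop counter `i` or the remaining output length `l`), since consume_labels() starts and ends beyond the visible lines. A stricter rule is to remember where the current run of labels began and require every jump to land before it: `if ((label_ptr < AVAHI_DNS_PACKET_HEADER_SIZE) || (label_ptr >= run_start)) return -1;` followed by `run_start = idx = label_ptr;`, where `run_start` is a new local (name is only a suggestion) initialised to the incoming `idx`. A short comment above the check, such as `/* a compression pointer must refer to an earlier offset outside the header */`, would also record why both bounds exist.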