39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From c29b0e0a96c4d281aef40d69a11c564d6ed1a2c6 Mon Sep 17 00:00:00 2001
|
|
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
|
|
Date: Thu, 3 Feb 2022 09:03:09 +0100
|
|
Subject: [PATCH] - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
|
|
|
|
---
|
|
sldns/wire2str.c | 11 +++++++++++
|
|
1 files changed, 11 insertions(+)
|
|
|
|
diff --git a/sldns/wire2str.c b/sldns/wire2str.c
|
|
index 6a177ec0b..b70efe299 100644
|
|
--- a/sldns/wire2str.c
|
|
+++ b/sldns/wire2str.c
|
|
@@ -817,6 +817,7 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
|
|
unsigned i, counter=0;
|
|
unsigned maxcompr = MAX_COMPRESS_PTRS; /* loop detection, max compr ptrs */
|
|
int in_buf = 1;
|
|
+ size_t dname_len = 0;
|
|
if(comprloop) {
|
|
if(*comprloop != 0)
|
|
maxcompr = 30; /* for like ipv6 reverse name, per label */
|
|
@@ -872,6 +873,16 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
|
|
labellen = (uint8_t)*dlen;
|
|
else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
|
|
labellen = (uint8_t)(pkt + pktlen - pos);
|
|
+ dname_len += ((size_t)labellen)+1;
|
|
+ if(dname_len > LDNS_MAX_DOMAINLEN) {
|
|
+ /* dname_len counts the uncompressed length we have
|
|
+ * seen so far, and the domain name has become too
|
|
+ * long, prevent the loop from printing overly long
|
|
+ * content. */
|
|
+ w += sldns_str_print(s, slen,
|
|
+ "ErrorDomainNameTooLong");
|
|
+ return w;
|
|
+ }
|
|
for(i=0; i<(unsigned)labellen; i++) {
|
|
w += dname_char_print(s, slen, *pos++);
|
|
}
|