diff options
author | Lorenzo Colitti <lorenzo@google.com> | 2017-08-15 21:46:44 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-08-15 21:46:44 +0000 |
commit | 8ad7e52c48422db78cc06ef34bb32445317fa6af (patch) | |
tree | 16e1ab157eb455d51a444845511753ec819762d2 | |
parent | a21366fc0529c748068fdd4bfcab48723e2a5f99 (diff) | |
parent | ea7ccaf32e34273b8fc199c5dc27304d7bb7c34e (diff) | |
download | dnsmasq-8ad7e52c48422db78cc06ef34bb32445317fa6af.tar.gz |
[automerger] Make dnsmasq more stable. am: f25df86146 am: 284fd86f87 am: 31b84030c5 am: d774c6e919 am: 52450e4dde am: 054c9876ff am: d766eb677e am: 31b103e7d6 am: eaa7e2e6fd am: b3621f9b4e am: 7f14f0ab03 am: 72d580fc91 am: 9bc6963a4a am: 879f5cce1d am: 64cfebf14f am: ed12186037
am: ea7ccaf32e
Change-Id: I2be572f64415d690ce16c62f6ae2ab035459199c
-rwxr-xr-x | src/rfc1035.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c index 8ae0bfa..265e4df 100755 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -48,7 +48,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp, /* end marker */ { /* check that there are the correct no of bytes after the name */ - if (!CHECK_LEN(header, p, plen, extrabytes)) + if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes)) return 0; if (isExtract) @@ -1142,6 +1142,9 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct crec *crecp; int nxdomain = 0, auth = 1, trunc = 0; struct mx_srv_record *rec; + + // Make sure we do not underflow here too. + if (qlen > (limit - ((char *)header))) return 0; /* If there is an RFC2671 pseudoheader then it will be overwritten by partial replies, so we have to do a dry run to see if we can answer |