-rw-r--r--libc/inet/resolv.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
index 5b39e3ffa..d806a9dc9 100644
--- a/libc/inet/resolv.c
+++ b/libc/inet/resolv.c
@@ -328,7 +328,7 @@ extern int __decode_question(const unsigned char * const message, int offset,
extern int __encode_answer(struct resolv_answer * a,
unsigned char * dest, int maxlen) attribute_hidden;
extern int __decode_answer(const unsigned char * message, int offset,
- struct resolv_answer * a) attribute_hidden;
+ int len, struct resolv_answer * a) attribute_hidden;
extern int __length_question(const unsigned char * const message, int offset) attribute_hidden;
extern void __open_nameservers(void) attribute_hidden;
extern void __close_nameservers(void) attribute_hidden;
@@ -588,18 +588,25 @@ int attribute_hidden __encode_answer(struct resolv_answer *a, unsigned char *des
#ifdef L_decodea
int attribute_hidden __decode_answer(const unsigned char *message, int offset,
- struct resolv_answer *a)
+ int len, struct resolv_answer *a)
{
char temp[256];
int i;
+ DPRINTF("decode_answer(start): off %d, len %d\n", offset, len);
i = __decode_dotted(message, offset, temp, sizeof(temp));
if (i < 0)
return i;
message += offset + i;
+ len -= i + RRFIXEDSZ + offset;
+ if (len < 0) {
+ DPRINTF("decode_answer: off %d, len %d, i %d\n", offset, len, i);
+ return len;
+ }
- a->dotted = strdup(temp); /* TODO: what if this fails? */
+// TODO: what if strdup fails?
+ a->dotted = strdup(temp);
a->atype = (message[0] << 8) | message[1];
message += 2;
a->aclass = (message[0] << 8) | message[1];
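Review bot: The new length check runs only after `__decode_dotted(message, offset, temp, sizeof(temp))` has already walked the name, and that call is still given no packet length, so the bound added here does not cover reads made while decoding the name. Whether `__decode_dotted` limits its own reads is not visible in this diff. At minimum the function could reject a bad starting offset before decoding with `if (offset < 0 || offset >= len) return -1;`, and the fuller fix is to pass `len` into the name decoder as well. The body of `__decode_answer` continues past this hunk.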
@@ -614,6 +621,8 @@ int attribute_hidden __decode_answer(const unsigned char *message, int offset,
DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength);
+ if (len < a->rdlength)
+ return -1;
return i + RRFIXEDSZ + a->rdlength;
}
#endif
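Review bot: The added `return -1` is reached after `a->dotted = strdup(temp)` earlier in the function, so a record whose rdlength overruns the packet leaves that copy allocated on the error path. The caller's failure branch in `__dns_lookup` (`break` or `goto again`) shows no release of `ma.dotted` in the visible lines, so this looks like a leak per malformed record unless it is freed elsewhere. Releasing it before returning would close that: `if (len < a->rdlength) { free(a->dotted); a->dotted = NULL; return -1; }`. The start of the function is outside this hunk.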
@@ -940,11 +949,15 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
DPRINTF("Decoding answer at pos %d\n", pos);
first_answer = 1;
- for (j = 0; j < h.ancount; j++, pos += i) {
- i = __decode_answer(packet, pos, &ma);
+ for (j = 0; j < h.ancount && pos < len; j++, pos += i) {
+ i = __decode_answer(packet, pos, len, &ma);
if (i < 0) {
DPRINTF("failed decode %d\n", i);
+ /* if the message was truncated and we have
+ decoded some answers, pretend it's OK */
+ if (j && h.tc)
+ break;
goto again;
}
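Review bot: The `pos < len` condition added to the `for` header ends the loop silently when `h.ancount` claims more records than the packet holds, while a decode failure a few lines below is logged and retried unless `h.tc` is set; the two short-packet paths now behave differently without that being stated. A comment on the loop, e.g. `/* stop at end of packet even if ancount claims more; remaining records are ignored */`, would record the intent, and the existing comment could state that a truncated reply is accepted without a retry instead of saying the code pretends it is OK. The loop body continues outside the hunk, so what happens when no answer was decoded is not visible here.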
@@ -998,7 +1011,7 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
return len; /* success! */
- tryall:
+ tryall:
/* if there are other nameservers, give them a go,
otherwise return with error */
variant = -1;
@@ -1008,7 +1021,7 @@ int attribute_hidden __dns_lookup(const char *name, int type, int nscount, char
continue;
- again:
+ again:
/* if there are searchdomains, try them or fallback as passed */
if (!ends_with_dot) {
int sdomains;