--- src/network/ns_parse.c.orig
+++ src/network/ns_parse.c
@@ -23,28 +23,28 @@
 { 0x0000, 0 },
 };
-u_int ns_get16(const unsigned char *cp)
+unsigned ns_get16(const unsigned char *cp)
 {
- u_short s;
- NS_GET16(s, cp);
- return s;
+ return cp[0]<<8 | cp[1];
 }
-u_long ns_get32(const unsigned char *cp)
+unsigned long ns_get32(const unsigned char *cp)
 {
- u_long l;
- NS_GET32(l, cp);
- return l;
+ return (unsigned)cp[0]<<24 | cp[1]<<16 | cp[2]<<8 | cp[3];
 }
-void ns_put16(u_int s, unsigned char *cp)
+void ns_put16(unsigned s, unsigned char *cp)
 {
- NS_PUT16(s, cp);
+ *cp++ = s>>8;
+ *cp++ = s;
 }
-void ns_put32(u_long l, unsigned char *cp)
+void ns_put32(unsigned long l, unsigned char *cp)
 {
- NS_PUT32(l, cp);
+ *cp++ = l>>24;
+ *cp++ = l>>16;
+ *cp++ = l>>8;
+ *cp++ = l;
 }
 int ns_initparse(const unsigned char *msg, int msglen, ns_msg *handle)
@@ -56,8 +56,11 @@
 if (msglen < (2 + ns_s_max) * NS_INT16SZ) goto bad;
 NS_GET16(handle->_id, msg);
 NS_GET16(handle->_flags, msg);
- for (i = 0; i < ns_s_max; i++) NS_GET16(handle->_counts[i], msg);
 for (i = 0; i < ns_s_max; i++) {
+ if (NS_INT16SZ > handle->_eom - msg) goto bad;
+ NS_GET16(handle->_counts[i], msg);
+ }
+ for (i = 0; i < ns_s_max; i++) {
 if (handle->_counts[i]) {
 handle->_sections[i] = msg;
 r = ns_skiprr(msg, handle->_eom, i, handle->_counts[i]);
@@ -77,23 +80,24 @@
 return -1;
 }
-int ns_skiprr(const u_char *ptr, const u_char *eom, ns_sect section, int count)
+int ns_skiprr(const unsigned char *ptr, const unsigned char *eom, ns_sect section, int count)
 {
- const u_char *p = ptr;
+ const unsigned char *p = ptr;
 int r;
 while (count--) {
 r = dn_skipname(p, eom);
 if (r < 0) goto bad;
+ if (r + 2 * NS_INT16SZ > eom - p) goto bad;
 p += r + 2 * NS_INT16SZ;
 if (section != ns_s_qd) {
- if (p + NS_INT32SZ + NS_INT16SZ > eom) goto bad;
+ if (NS_INT32SZ + NS_INT16SZ > eom - p) goto bad;
 p += NS_INT32SZ;
 NS_GET16(r, p);
+ if (r > eom - p) goto bad;
 p += r;
 }
 }
- if (p > eom) goto bad;
 return ptr - p;
 bad:
 errno = EMSGSIZE;
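Review bot: The `(unsigned)` cast in the new `ns_get32` body is load-bearing and nothing says so: without it `cp[0]<<24` is evaluated in signed `int` and is undefined whenever the top bit of `cp[0]` is set. It is the kind of cast a later tidy-up removes, so I would put a one-line comment above the return, `/* cast first: cp[0]<<24 in int overflows when cp[0] >= 0x80 */`. The two put helpers rely on implicit narrowing to `unsigned char`, which is well defined but would need explicit casts if the build ever turns on conversion warnings.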
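Review bot: The bound check added inside the `_counts` loop of `ns_initparse` looks unreachable. The `msglen < (2 + ns_s_max) * NS_INT16SZ` guard at the top of the hunk already guarantees room for the id, the flags and all `ns_s_max` counts, provided `_eom` was set to `msg + msglen` before the hunk (that assignment is not visible here). Keeping it as defence in depth is reasonable, but it should say so, for example `/* redundant with the msglen check above; kept so each NS_GET16 has a local bound */`. The function starts and ends outside the hunk.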
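Review bot: `ns_skiprr` still ends with the unchanged line `return ptr - p;`, and because `p` starts at `ptr` and only ever advances, a successful skip of k bytes returns -k. The `bad:` path appears to return -1 (its tail is outside the hunk), so a caller that treats a negative result as failure would reject every non-empty section, and one that adds the result to its cursor would step backwards; how `ns_initparse` uses `r` is not visible in the hunks shown. The new length-versus-remaining checks are sound and make the removed `p > eom` test unnecessary, but the return should be `return p - ptr;`.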
@@ -125,14 +129,14 @@
 r = dn_expand(handle->_msg, handle->_eom, handle->_msg_ptr, rr->name, NS_MAXDNAME);
 if (r < 0) return -1;
 handle->_msg_ptr += r;
- if (handle->_msg_ptr + 2 * NS_INT16SZ > handle->_eom) goto size;
+ if (2 * NS_INT16SZ > handle->_eom - handle->_msg_ptr) goto size;
 NS_GET16(rr->type, handle->_msg_ptr);
 NS_GET16(rr->rr_class, handle->_msg_ptr);
 if (section != ns_s_qd) {
- if (handle->_msg_ptr + NS_INT32SZ + NS_INT16SZ > handle->_eom) goto size;
+ if (NS_INT32SZ + NS_INT16SZ > handle->_eom - handle->_msg_ptr) goto size;
 NS_GET32(rr->ttl, handle->_msg_ptr);
 NS_GET16(rr->rdlength, handle->_msg_ptr);
- if (handle->_msg_ptr + rr->rdlength > handle->_eom) goto size;
+ if (rr->rdlength > handle->_eom - handle->_msg_ptr) goto size;
 rr->rdata = handle->_msg_ptr;
 handle->_msg_ptr += rr->rdlength;
 } else {
@@ -159,13 +163,11 @@
 return -1;
 }
-int __dn_expand(const unsigned char *, const unsigned char *, const unsigned char *, char *, int);
-
-int ns_name_uncompress(const u_char *msg, const u_char *eom,
- const u_char *src, char *dst, size_t dstsiz)
+int ns_name_uncompress(const unsigned char *msg, const unsigned char *eom,
+ const unsigned char *src, char *dst, size_t dstsiz)
 {
 int r;
- r = __dn_expand(msg, eom, src, dst, dstsiz);
+ r = dn_expand(msg, eom, src, dst, dstsiz);
 if (r < 0) errno = EMSGSIZE;
 return r;
 }
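Review bot: The three rewritten checks in `ns_parserr` are only meaningful while `handle->_msg_ptr <= handle->_eom`, and that invariant is established outside this hunk and stated nowhere visible. They now compare a length against `handle->_eom - handle->_msg_ptr`, so a short comment before the first check would record why, e.g. `/* compare against bytes remaining; _msg_ptr + n must never be formed past _eom */`. Without it the next edit may turn them back into the pointer-addition form this commit removes. The function starts and ends outside the hunk.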
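Review bot: `ns_name_uncompress` passes its `size_t dstsiz` straight to `dn_expand`, so a value above `INT_MAX` would be narrowed with an implementation-defined result if the last parameter is an `int`. That parameter type is presumed from the removed `__dn_expand` declaration. A negative or truncated size would make the call fail or under-use a buffer the caller sized correctly. Clamping before the call removes the ambiguity: `if (dstsiz > INT_MAX) dstsiz = INT_MAX;` (this needs `<limits.h>` if the file does not already include it). The hunk also deletes the only visible prototype, so `dn_expand` has to be declared by a header included above the hunk.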