>From 25bf2bd6a61f72a1722f9a86d3f4c71a05e4fabe Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 4 Sep 2014 09:11:34 +0200
Subject: [PATCH 1/2] fix handling of zero length domain names in dn_expand

Copy a zero length string instead of returning error when trying to expand a zero length domain name (null terminator). This fixes a regression introduced with 56b57f37a46dab432.
---
 src/network/dn_expand.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/network/dn_expand.c b/src/network/dn_expand.c
index 849df19..eb0af1a 100644
--- a/src/network/dn_expand.c
+++ b/src/network/dn_expand.c
@@ -4,9 +4,14 @@
 int __dn_expand(const unsigned char *base, const unsigned char *end, const unsigned char *src, char *dest, int space)
 {
 const unsigned char *p = src;
- char *dend = dest + (space > 254 ? 254 : space);
+ char *dend;
 int len = -1, i, j;
- if (p==end || !*p) return -1;
+ if (p==end || size <= 0) return -1;
+ dend = dest + (space > 254 ? 254 : space);
+ if (!*p) {
+ *dest = 0;
+ return 1;
+ }
 /* detect reference loop using an iteration counter */
 for (i=0; i < end-base; i+=2) {
 if (*p & 0xc0) {
--
2.1.0

>From dc71eba3dc203b5765193569f6c361ff9c9ee1b1 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 4 Sep 2014 09:14:20 +0200
Subject: [PATCH 2/2] fix bug in dn_expand when a dns packet terminates with a pointer

Make sure that output buffer is always terminated with '\0', even if the dns packet terminates the name with a pointer.
---
 src/network/dn_expand.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/network/dn_expand.c b/src/network/dn_expand.c
index eb0af1a..9e36d73 100644
--- a/src/network/dn_expand.c
+++ b/src/network/dn_expand.c
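Review bot: In the [PATCH 1/2] hunk the new guard `if (p==end || size <= 0) return -1;` tests `size`, but the parameter in the signature is `space` and no `size` is declared in the visible lines, so the patch will not compile as posted (or would bind to an unrelated symbol if one exists outside the hunk). It should read `if (p==end || space <= 0) return -1;`, which is also the check that makes the following `*dest = 0;` safe for a zero-length name. The function body continues past the end of the hunk.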
@@ -21,12 +21,13 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig
 if (j >= end-base) return -1;
 p = base+j;
 } else if (*p) {
- j = *p+1;
- if (j>=end-p || j>dend-dest) return -1;
- while (--j) *dest++ = *++p;
- *dest++ = *++p ? '.' : 0;
+ j = 1 + *p++;
+ if (j>end-p || j>dend-dest) return -1;
+ while (--j) *dest++ = *p++;
+ *dest++ = '.';
 } else {
 if (len < 0) len = p+1-src;
+ dest[-1] = 0;
 return len;
 }
 }
--
2.1.0
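Review bot: `dest[-1] = 0;` in the terminator branch assumes at least one label has already been copied; if the loop reaches a zero length byte while `dest` still points at the start of the caller's buffer, it stores one byte before that buffer. The early `if (!*p)` check from patch 1 covers only the first byte at `src`, so a name that begins with a compression pointer whose target is a zero byte still reaches this branch, and since packet contents decide that, it is a memory-safety issue. Remember the start with `char *dbegin = dest;` and terminate with `if (dest != dbegin) dest--;` followed by `*dest = 0;`. The declarations and the loop head are outside this hunk.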