Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Sep 2014 00:15:52 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] fix handling of zero length domain names in
 dn_expand

* Rich Felker <dalias@...c.org> [2014-09-04 16:20:53 -0400]:
> >  	char *dend = dest + (space > 254 ? 254 : space);
> > -	int len = -1, i, j;
> > -	if (p==end || !*p) return -1;
> > +	int len = -1, i, j, first = 1;
> > +	if (p==end || dest==dend) return -1;
> 
> Note that this does nothing to handle negative space, whereas ncopa's

i assumed it to be ub

> such. Semantically it seems to be a zero-length component at the end
> (corresponding to "example.com.." rather than "example.com.", in the
> notation where final dots are not elided). Understanding whether it's
> legal or not probably requires some language-lawyering with RFC 1035,

the rfc is not very clear but i think this case should work

a name is a sequence of labels terminated by a 0 length label

a compressed name is a leading sequence of labels terminated
by a pointer that can be expanded to a name

if 'sequence of labels' can be empty and the conversion to
dotted string notation is done after concatenating the
leading and trailing sequence then there is no '..' issue

> -	char *dend = dest + (space > 254 ? 254 : space);
> +	char *dend;
>  	int len = -1, i, j;
> -	if (p==end || !*p) return -1;
> +	if (p==end || size <= 0) return -1;
> +	dend = dest + (space > 254 ? 254 : space);

ok this part is better than mine

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.