musl - musl - an implementation of the standard library for Linux-based systems

musl - an implementation of the standard library for Linux-based systems

diff options

author	Rich Felker <dalias@aerifal.cx>	2023年07月17日 18:03:38 -0400
committer	Rich Felker <dalias@aerifal.cx>	2023年07月17日 18:03:38 -0400
commit	83b858f83b658bd34eca5d8ad4d145f673ae7e5e (patch)
tree	4f1e1c34a1d83a9303621ad4b9c1c83b707ad24a
parent	a4ecaf89a9b88df76e8bf9f28e1cc6cb89e4bfa8 (diff)
download	musl-83b858f83b658bd34eca5d8ad4d145f673ae7e5e.tar.gz

fix rejection of dns responses with pointers past 512 byte offset

the __dns_parse code used by the stub resolver traditionally included code to reject label pointers to offsets past a 512 byte limit, despite never processing the label contents, only stepping over them. when commit 51d4669fb97782f6a66606da852b5afd49a08001 added support for tcp fallback, this limit was overlooked, and as a result, it was at least theoretically possible for some valid large answers to be rejected on account of these offsets. since the limit was never serving any useful purpose, just remove it.

Diffstat

-rw-r--r--

src/network/dns_parse.c

1 files changed, 2 insertions, 2 deletions

diff --git a/src/network/dns_parse.c b/src/network/dns_parse.c
index 7f83e791..ea1ec126 100644
--- a/src/network/dns_parse.c
+++ b/src/network/dns_parse.c

@@ -15,13 +15,13 @@ int __dns_parse(const unsigned char *r, int rlen, int (*callback)(void *, int, c

if (qdcount+ancount > 64) return -1;

while (qdcount--) {

while (p-r < rlen && *p-1U < 127) p++;

- if (p>r+rlen-6 || *p>193 || (*p==193 && p[1]>254))

+ if (p>r+rlen-6)

return -1;

p += 5 + !!*p;

}

while (ancount--) {

while (p-r < rlen && *p-1U < 127) p++;

- if (p>r+rlen-12 || *p>193 || (*p==193 && p[1]>254))

+ if (p>r+rlen-12)

return -1;

p += 1 + !!*p;

len = p[8]*256 + p[9];

generated by cgit v1.2.1 (git 2.18.0) at 2025年10月04日 12:43:37 +0000