diff options
author | Szabolcs Nagy <nsz@port70.net> | 2014-09-04 18:29:16 +0200 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-03-30 01:15:43 -0400 |
commit | 83eb88d6c2f91a80ab1a48458d8de18c31c4ebb0 (patch) | |
tree | 76c54bdc14240d836cfbd571c0edc2a71a43de3d /src/network/dn_expand.c | |
parent | 53f270f964ef645a3b6936c336d46f807974175b (diff) | |
download | musl-83eb88d6c2f91a80ab1a48458d8de18c31c4ebb0.tar.gz musl-83eb88d6c2f91a80ab1a48458d8de18c31c4ebb0.tar.bz2 musl-83eb88d6c2f91a80ab1a48458d8de18c31c4ebb0.tar.xz musl-83eb88d6c2f91a80ab1a48458d8de18c31c4ebb0.zip |
fix dn_expand empty name handling and offsets to 0
Empty name was rejected in dn_expand since commit
56b57f37a46dab432247bf29d96fcb11fbd02a6d
which is a regression as reported by Natanael Copa.
Furthermore if an offset pointer in a compressed name
pointed to a terminating 0 byte (instead of a label)
the returned name was not null terminated.
(cherry picked from commit 49d2c8c6bcf8c926e52c7f510033b6adc31355f5)
Diffstat (limited to 'src/network/dn_expand.c')
-rw-r--r-- | src/network/dn_expand.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/network/dn_expand.c b/src/network/dn_expand.c index 849df19a..d9b33936 100644 --- a/src/network/dn_expand.c +++ b/src/network/dn_expand.c @@ -4,11 +4,13 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsigned char *src, char *dest, int space) { const unsigned char *p = src; - char *dend = dest + (space > 254 ? 254 : space); + char *dend, *dbegin = dest; int len = -1, i, j; - if (p==end || !*p) return -1; + if (p==end || space <= 0) return -1; + dend = dest + (space > 254 ? 254 : space); /* detect reference loop using an iteration counter */ for (i=0; i < end-base; i+=2) { + /* loop invariants: p<end, dest<dend */ if (*p & 0xc0) { if (p+1==end) return -1; j = ((p[0] & 0x3f) << 8) | p[1]; @@ -16,11 +18,12 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig if (j >= end-base) return -1; p = base+j; } else if (*p) { - j = *p+1; - if (j>=end-p || j>dend-dest) return -1; - while (--j) *dest++ = *++p; - *dest++ = *++p ? '.' : 0; + if (dest != dbegin) *dest++ = '.'; + j = *p++; + if (j >= end-p || j >= dend-dest) return -1; + while (j--) *dest++ = *p++; } else { + *dest = 0; if (len < 0) len = p+1-src; return len; } |