diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2017-08-23 19:20:38 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-08-23 19:20:38 +0000 |
| commit | fd81398d90c53d75f6350471ca011ff8d4ddc15d (patch) | |
| tree | 01cef7964900d8c8a54cfeb467c184c77360ade9 | |
| parent | 328d1b448a782e9544004990cad7aaaaae58d364 (diff) | |
| parent | 6ccfb5e35c50ee67ddfd83441197acec66d51fbf (diff) | |
| download | dnsmasq-oreo-r5-release.tar.gz | |
Merge cherrypicks of [2780997, 2781272, 2781273, 2780106, 2780107, 2779714, 2779715, 2779716, 2779717, 2779979, 2781313, 2781314, 2781315, 2781316, 2781317, 2781318, 2779718, 2779719, 2781352, 2781353, 2779980, 2781610] into oc-r5-releaseandroid-8.0.0_r36android-8.0.0_r31android-8.0.0_r17oreo-r5-release
Change-Id: Ic86da7a669ce48037a156af8279c6d74e00e8d62
| -rwxr-xr-x | src/rfc1035.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c index 8ae0bfa..e440e8a 100755 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -48,7 +48,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp, /* end marker */ { /* check that there are the correct no of bytes after the name */ - if (!CHECK_LEN(header, p, plen, extrabytes)) + if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes)) return 0; if (isExtract) @@ -1142,6 +1142,9 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct crec *crecp; int nxdomain = 0, auth = 1, trunc = 0; struct mx_srv_record *rec; + + // Make sure we do not underflow here too. + if (qlen > (size_t)(limit - ((char *)header))) return 0; /* If there is an RFC2671 pseudoheader then it will be overwritten by partial replies, so we have to do a dry run to see if we can answer |