X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=avahi-core%2Fdns.c;h=41ccc8f3503c689e93ae6e612d22100f3656b3b5;hb=a4572037763c65ec34ac921a6e15b936c6525b5d;hp=fec55e4ca8e902a738e9587e9d1450e742c70f6c;hpb=83b432c2369d7ef4142811bea0109b6588b6f313;p=catta diff --git a/avahi-core/dns.c b/avahi-core/dns.c index fec55e4..41ccc8f 100644 --- a/avahi-core/dns.c +++ b/avahi-core/dns.c @@ -28,6 +28,7 @@ #include #include +#include #include #include @@ -152,6 +153,19 @@ void avahi_dns_packet_inc_field(AvahiDnsPacket *p, unsigned idx) { avahi_dns_packet_set_field(p, idx, avahi_dns_packet_get_field(p, idx) + 1); } + +static void name_table_cleanup(void *key, void *value, void *user_data) { + AvahiDnsPacket *p = user_data; + + if ((uint8_t*) value >= AVAHI_DNS_PACKET_DATA(p) + p->size) + avahi_hashmap_remove(p->name_table, key); +} + +void avahi_dns_packet_cleanup_name_table(AvahiDnsPacket *p) { + if (p->name_table) + avahi_hashmap_foreach(p->name_table, name_table_cleanup, p); +} + uint8_t* avahi_dns_packet_append_name(AvahiDnsPacket *p, const char *name) { uint8_t *d, *saved_ptr = NULL; size_t saved_size; @@ -215,6 +229,8 @@ uint8_t* avahi_dns_packet_append_name(AvahiDnsPacket *p, const char *name) { fail: p->size = saved_size; + avahi_dns_packet_cleanup_name_table(p); + return NULL; } @@ -332,10 +348,11 @@ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_ int ret = 0; int compressed = 0; int first_label = 1; + unsigned label_ptr; int i; assert(p && ret_name && l); - for (i = 0; i < 127; i++) { + for (i = 0; i < AVAHI_DNS_LABELS_MAX; i++) { uint8_t n; if (idx+1 > p->size) @@ -385,7 +402,12 @@ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_ if (idx+2 > p->size) return -1; - idx = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1]; + label_ptr = ((unsigned) (AVAHI_DNS_PACKET_DATA(p)[idx] & ~0xC0)) << 8 | AVAHI_DNS_PACKET_DATA(p)[idx+1]; + + if ((label_ptr < AVAHI_DNS_PACKET_HEADER_SIZE) || (label_ptr >= idx)) + return -1; + + idx = label_ptr; if (!compressed) ret += 2; @@ -394,6 +416,8 @@ static int consume_labels(AvahiDnsPacket *p, unsigned idx, char *ret_name, size_ } else return -1; } + + return -1; } int avahi_dns_packet_consume_name(AvahiDnsPacket *p, char *ret_name, size_t l) { @@ -580,6 +604,7 @@ static int parse_rdata(AvahiDnsPacket *p, AvahiRecord *r, uint16_t rdlength) { if (rdlength > 0) { r->data.generic.data = avahi_memdup(avahi_dns_packet_get_rptr(p), rdlength); + r->data.generic.size = rdlength; if (avahi_dns_packet_skip(p, rdlength) < 0) return -1; @@ -675,6 +700,8 @@ uint8_t* avahi_dns_packet_append_key(AvahiDnsPacket *p, AvahiKey *k, int unicast !avahi_dns_packet_append_uint16(p, k->type) || !avahi_dns_packet_append_uint16(p, k->clazz | (unicast_response ? AVAHI_DNS_UNICAST_RESPONSE : 0))) { p->size = size; + avahi_dns_packet_cleanup_name_table(p); + return NULL; } @@ -745,7 +772,7 @@ static int append_rdata(AvahiDnsPacket *p, AvahiRecord *r) { default: if (r->data.generic.size) - if (avahi_dns_packet_append_bytes(p, r->data.generic.data, r->data.generic.size)) + if (!avahi_dns_packet_append_bytes(p, r->data.generic.data, r->data.generic.size)) return -1; break; @@ -777,7 +804,7 @@ uint8_t* avahi_dns_packet_append_record(AvahiDnsPacket *p, AvahiRecord *r, int c goto fail; size = avahi_dns_packet_extend(p, 0) - start; - assert(size <= 0xFFFF); + assert(size <= AVAHI_DNS_RDATA_MAX); /* avahi_log_debug("appended %u", size); */ @@ -789,6 +816,8 @@ uint8_t* avahi_dns_packet_append_record(AvahiDnsPacket *p, AvahiRecord *r, int c fail: p->size = size; + avahi_dns_packet_cleanup_name_table(p); + return NULL; }