deps: cherry-pick 18ea996 from c-ares upstream
Original commit message:

    ares_parse_naptr_reply: make buffer length check more accurate

    9478908a490a6bf009ba58d81de8c1d06d50a117 introduced a length check
    for records parsed by `ares_parse_naptr_reply()`. However, that
    function is designed to parse replies which also contain non-NAPTR
    records; for A records, the `rr_len > 7` check will fail as there
    are only 4 bytes of payload.
    In particular, parsing ANY replies for NAPTR records was broken
    by that patch.

    Fix that by moving the check into the case in which it is already
    known that the record is a NAPTR record.

Ref: c-ares/c-ares@18ea996
PR-URL: #13883
Reviewed-By: James M Snell <[email protected]>
addaleax authored and MylesBorins committed Oct 25, 2017
1 parent 05e8b1b commit ed6298c
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions deps/cares/src/ares_parse_naptr_reply.c
Expand Up @@ -110,18 +110,19 @@ ares_parse_naptr_reply (const unsigned char *abuf, int alen,
status = ARES_EBADRESP;
break;
}
/* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
if (rr_len < 7)
{
status = ARES_EBADRESP;
break;
}

/* Check if we are really looking at a NAPTR record */
if (rr_class == C_IN && rr_type == T_NAPTR)
{
/* parse the NAPTR record itself */

/* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
if (rr_len < 7)
{
status = ARES_EBADRESP;
break;
}

/* Allocate storage for this NAPTR answer appending it to the list */
naptr_curr = ares_malloc_data(ARES_DATATYPE_NAPTR_REPLY);
if (!naptr_curr)
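
Review bot: The relocated `rr_len < 7` check inside the `rr_class == C_IN && rr_type == T_NAPTR` branch keeps the comment "2 x int16 + 3 x name", which does not say why each name is counted as a single byte; spelling out the arithmetic (4 bytes for the two int16 fields plus one byte minimum per name) would let a reader audit the constant against the parsing that follows. The check also now sits directly under the "parse the NAPTR record itself" comment with a blank line between them, so consider moving that comment below the length check, next to the allocation it introduces. The change touches only `ares_parse_naptr_reply.c`; a regression test that feeds a reply mixing a 4-byte A record with a NAPTR record, the case the commit message describes as broken, would keep the check from drifting back out of the branch.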