DNS: fix in expand_dns_name

The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).

Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

1 files changed, 12 insertions, 2 deletions

diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c
index 3f4e5d5443..d2ddd6646a 100644
--- a/epan/dissectors/packet-dns.c
+++ b/epan/dissectors/packet-dns.c
@@ -1172,7 +1172,6 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
   *name=np;
   (*name_len) = 0;
 
-  maxname--;   /* reserve space for the trailing '\0' */
   for (;;) {
     if (max_len && offset - start_offset > max_len - 1) {
       break;
@@ -1194,6 +1193,9 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
             maxname--;
           }
         }
+        else {
+          maxname--;
+        }
         while (component_len > 0) {
           if (max_len && offset - start_offset > max_len - 1) {
             THROW(ReportedBoundsError);
@@ -1311,7 +1313,15 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset,
     }
   }
 
-  *np = '\0';
+  // Do we have space for the terminating 0?
+  if (maxname > 0) {
+    *np = '\0';
+  }
+  else {
+    *name="<Name too long>";
+    *name_len = (guint)strlen(*name);
+  }
+
   /* If "len" is negative, we haven't seen a pointer, and thus haven't
      set the length, so set it. */
   if (len < 0) {