diff options
author | Erika Szelleova <szelleerika@gmail.com> | 2018-06-24 11:16:59 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2018-07-02 15:49:17 +0000 |
commit | 53e04b621caa00c5cd5641d2fb8eb7e2783f85bd (patch) | |
tree | 98348c1f6e16a381782a301c47045a7aef753ec1 /epan/dissectors/packet-dns.c | |
parent | b8081bba8f070c7d3a621ad5d00597d56c63ad58 (diff) |
DNS: fix in expand_dns_name
The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).
Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-dns.c')
-rw-r--r-- | epan/dissectors/packet-dns.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c index 3f4e5d5443..d2ddd6646a 100644 --- a/epan/dissectors/packet-dns.c +++ b/epan/dissectors/packet-dns.c @@ -1172,7 +1172,6 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, *name=np; (*name_len) = 0; - maxname--; /* reserve space for the trailing '\0' */ for (;;) { if (max_len && offset - start_offset > max_len - 1) { break; @@ -1194,6 +1193,9 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, maxname--; } } + else { + maxname--; + } while (component_len > 0) { if (max_len && offset - start_offset > max_len - 1) { THROW(ReportedBoundsError); @@ -1311,7 +1313,15 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, } } - *np = '\0'; + // Do we have space for the terminating 0? + if (maxname > 0) { + *np = '\0'; + } + else { + *name="<Name too long>"; + *name_len = (guint)strlen(*name); + } + /* If "len" is negative, we haven't seen a pointer, and thus haven't set the length, so set it. */ if (len < 0) { |