diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-15 16:37:38 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-15 16:37:38 +0000 |
| commit | ad6cd437632eb8fd75ae0d4fae971f06861ce145 (patch) | |
| tree | 0106513892e34b5c5c41f94953a93335ad5c45c5 | |
| parent | 1a744d4fe44ce7a32f1b395b0f4d90fca61c2c82 (diff) | |
| parent | 6dc950b17f5e3a5122b7faf8303258bacd8511ba (diff) | |
| download | dnsmasq-nougat-mr0.5-release.tar.gz | |
Merge cherrypicks of [2908873, 2908950, 2908867, 2908868, 2908791, 2908793, 2908989, 2908796, 2908798, 2908800, 2908802, 2908804, 2908806, 2908808, 2908632, 2908634, 2908914, 2909049, 2909051, 2908973, 2908874] into nyc-bugfix-releaseandroid-7.0.0_r36android-7.0.0_r35android-7.0.0_r34nougat-mr0.5-release
Change-Id: I4a24a48ace11968e42f4acb752faac7175b80ba8
| -rwxr-xr-x | src/rfc1035.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c index 8ae0bfa..e440e8a 100755 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -48,7 +48,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp, /* end marker */ { /* check that there are the correct no of bytes after the name */ - if (!CHECK_LEN(header, p, plen, extrabytes)) + if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes)) return 0; if (isExtract) @@ -1142,6 +1142,9 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct crec *crecp; int nxdomain = 0, auth = 1, trunc = 0; struct mx_srv_record *rec; + + // Make sure we do not underflow here too. + if (qlen > (size_t)(limit - ((char *)header))) return 0; /* If there is an RFC2671 pseudoheader then it will be overwritten by partial replies, so we have to do a dry run to see if we can answer |