diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-13 20:33:46 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-13 20:33:46 +0000 |
| commit | 09a76c454dedfe07fedd1fc2616337c0515d47a5 (patch) | |
| tree | 2e29b5f8c53c80bbf310cf3b99166ef49a9fcc3d | |
| parent | 61b542ef379106207b419360c7f2761208e9dfbf (diff) | |
| parent | f09b94ba2d4f265d1ed676cb1ebf49616514f0f5 (diff) | |
| download | dnsmasq-nougat-mr1.1-release.tar.gz | |
Merge cherrypicks of [2891229, 2891249, 2891250, 2890684, 2890685, 2891070, 2891071, 2891269, 2891072, 2891073, 2891074, 2891075, 2891077, 2891079, 2891081, 2890238, 2890239, 2891231, 2891088, 2891349, 2891350, 2890242] into nyc-mr1-security-a-releaseandroid-7.1.1_r54nougat-mr1.1-release
Change-Id: Ida02869e17184a9cf79b337c11b71b5a067b484e
| -rwxr-xr-x | src/rfc1035.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/rfc1035.c b/src/rfc1035.c index 8ae0bfa..e440e8a 100755 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -48,7 +48,7 @@ static int extract_name(HEADER *header, size_t plen, unsigned char **pp, /* end marker */ { /* check that there are the correct no of bytes after the name */ - if (!CHECK_LEN(header, p, plen, extrabytes)) + if (!CHECK_LEN(header, p1 ? p1 : p, plen, extrabytes)) return 0; if (isExtract) @@ -1142,6 +1142,9 @@ size_t answer_request(HEADER *header, char *limit, size_t qlen, struct crec *crecp; int nxdomain = 0, auth = 1, trunc = 0; struct mx_srv_record *rec; + + // Make sure we do not underflow here too. + if (qlen > (size_t)(limit - ((char *)header))) return 0; /* If there is an RFC2671 pseudoheader then it will be overwritten by partial replies, so we have to do a dry run to see if we can answer |