[glib: 8/13] gthreadedresolver: Limit length of each record to its stated rdlength




commit 08dee06b59cc0ca909291c40b7765398fd4e10bc
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Mar 18 16:19:44 2022 +0000

    gthreadedresolver: Limit length of each record to its stated rdlength
    
    Rather than limiting them to the full length of the answer, which may
    include subsequent records.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 gio/gthreadedresolver.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
---
diff --git a/gio/gthreadedresolver.c b/gio/gthreadedresolver.c
index 63a852d596..143f4570be 100644
--- a/gio/gthreadedresolver.c
+++ b/gio/gthreadedresolver.c
@@ -836,6 +836,15 @@ g_resolver_records_from_res_query (const gchar      *rrname,
       p += 4; /* ignore the ttl (type=long) value */
       GETSHORT (rdlength, p);
 
+      if (end - p < rdlength)
+        {
+          g_set_error (&parsing_error, G_RESOLVER_ERROR, G_RESOLVER_ERROR_INTERNAL,
+                       /* Translators: the first placeholder is a domain name, the
+                        * second is an error message */
+                       _("Error resolving ā€œ%sā€: %s"), rrname, _("Malformed DNS packet"));
+          break;
+        }
+
       if (type != rrtype || qclass != C_IN)
         {
           p += rdlength;
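Review bot: The new `end - p < rdlength` check runs only after `p += 4` and `GETSHORT (rdlength, p)` have already moved past the TTL and read the length field, and nothing visible in this hunk confirms those bytes lie before `end`. A truncated answer could therefore still cause a read beyond the buffer before the new guard is reached. Consider checking that the whole fixed record header fits before any of it is read, for example `if (end - p < 10)` ahead of the type/class reads, reporting the same "Malformed DNS packet" error. The start of the loop body is outside the hunk, so this may already be covered there or by another patch in the series.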
@@ -845,16 +854,16 @@ g_resolver_records_from_res_query (const gchar      *rrname,
       switch (rrtype)
         {
         case T_SRV:
-          record = parse_res_srv (answer, end, &p, &parsing_error);
+          record = parse_res_srv (answer, p + rdlength, &p, &parsing_error);
           break;
         case T_MX:
-          record = parse_res_mx (answer, end, &p, &parsing_error);
+          record = parse_res_mx (answer, p + rdlength, &p, &parsing_error);
           break;
         case T_SOA:
-          record = parse_res_soa (answer, end, &p, &parsing_error);
+          record = parse_res_soa (answer, p + rdlength, &p, &parsing_error);
           break;
         case T_NS:
-          record = parse_res_ns (answer, end, &p, &parsing_error);
+          record = parse_res_ns (answer, p + rdlength, &p, &parsing_error);
           break;
         case T_TXT:
           record = parse_res_txt (answer, p + rdlength, &p, &parsing_error);
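Review bot: The parser calls in this switch each recompute `p + rdlength`, and nothing visible here forces `p` back to the record boundary once a parser returns. If a parser consumes fewer bytes than `rdlength` states, the next iteration would presumably start decoding inside this record's data. Computing the bound once before the switch with `record_end = p + rdlength;`, passing `record_end` to every parser, and setting `p = record_end;` after the switch would keep the loop aligned to the stated length. The end of the switch and the rest of the loop are outside the hunk, so confirm whether this is already handled there.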

