[SR-Dev] git:ser_core_cvs: dns: minor fixes
Andrei Pelinescu-Onciul
andrei at iptel.org
Tue Mar 31 19:23:00 CEST 2009
Module: sip-router
Branch: ser_core_cvs
Commit: 6082a27973483a25ffe2a091b3b1f2b261361aba
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6082a27973483a25ffe2a091b3b1f2b261361aba
Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date: Tue Mar 31 17:06:00 2009 +0000
dns: minor fixes
- some dns record parsers need only the record end for their
internal overflow checks, while others need also the message end
(anything that expands compressed strings).
---
resolve.c | 30 +++++++++++++++++-------------
1 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/resolve.c b/resolve.c
index 9f55f3d..3504f0d 100644
--- a/resolve.c
+++ b/resolve.c
@@ -230,6 +230,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end)
/* parses the srv record into a srv_rdata structure
* msg - pointer to the dns message
* end - pointer to the end of the message
+ * eor - pointer to the end of the record/rdata
* rdata - pointer to the rdata part of the srv answer
* returns 0 on error, or a dyn. alloc'ed srv_rdata structure */
/* SRV rdata format:
@@ -248,6 +249,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end)
* +----------------+
*/
struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end,
+ unsigned char* eor,
unsigned char* rdata)
{
struct srv_rdata* srv;
@@ -258,7 +260,7 @@ struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end,
char name[MAX_DNS_NAME];
srv=0;
- if ((rdata+6+1)>end) goto error;
+ if ((rdata+6+1)>eor) goto error;
memcpy((void*)&priority, rdata, 2);
memcpy((void*)&weight, rdata+2, 2);
@@ -292,6 +294,7 @@ error:
/* parses the naptr record into a naptr_rdata structure
* msg - pointer to the dns message
* end - pointer to the end of the message
+ * eor - pointer to the end of the record/rdata
* rdata - pointer to the rdata part of the naptr answer
* returns 0 on error, or a dyn. alloc'ed naptr_rdata structure */
/* NAPTR rdata format:
@@ -316,7 +319,8 @@ error:
* +----------------+
*/
struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end,
- unsigned char* rdata)
+ unsigned char* eor,
+ unsigned char* rdata)
{
struct naptr_rdata* naptr;
unsigned char* flags;
@@ -331,20 +335,20 @@ struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end,
char repl[MAX_DNS_NAME];
naptr = 0;
- if ((rdata + 7 + 1)>end) goto error;
+ if ((rdata + 7 + 1)>eor) goto error;
memcpy((void*)&order, rdata, 2);
memcpy((void*)&pref, rdata + 2, 2);
flags_len = rdata[4];
- if ((rdata + 7 + 1 + flags_len) > end)
+ if ((rdata + 7 + 1 + flags_len) > eor)
goto error;
flags=rdata+5;
services_len = rdata[5 + flags_len];
- if ((rdata + 7 + 1 + flags_len + services_len) > end)
+ if ((rdata + 7 + 1 + flags_len + services_len) > eor)
goto error;
services=rdata + 6 + flags_len;
regexp_len = rdata[6 + flags_len + services_len];
- if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > end)
+ if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > eor)
goto error;
regexp=rdata + 7 + flags_len + services_len;
rdata = rdata + 7 + flags_len + services_len + regexp_len;
@@ -418,11 +422,11 @@ error:
/* parses an A record rdata into an a_rdata structure
* returns 0 on error or a dyn. alloc'ed a_rdata struct
*/
-struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* end)
+struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* eor)
{
struct a_rdata* a;
- if (rdata+4>end) goto error;
+ if (rdata+4>eor) goto error;
a=(struct a_rdata*)local_malloc(sizeof(struct a_rdata));
if (a==0){
LOG(L_ERR, "ERROR: dns_a_parser: out of memory\n");
@@ -438,11 +442,11 @@ error:
/* parses an AAAA (ipv6) record rdata into an aaaa_rdata structure
* returns 0 on error or a dyn. alloc'ed aaaa_rdata struct */
-struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* end)
+struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* eor)
{
struct aaaa_rdata* aaaa;
- if (rdata+16>end) goto error;
+ if (rdata+16>eor) goto error;
aaaa=(struct aaaa_rdata*)local_malloc(sizeof(struct aaaa_rdata));
if (aaaa==0){
LOG(L_ERR, "ERROR: dns_aaaa_parser: out of memory\n");
@@ -641,7 +645,7 @@ again:
}
switch(rtype){
case T_SRV:
- srv_rd= dns_srv_parser(buff.buff, rd_end, p);
+ srv_rd= dns_srv_parser(buff.buff, end, rd_end, p);
rd->rdata=(void*)srv_rd;
if (unlikely(srv_rd==0)) goto error_parse;
@@ -678,13 +682,13 @@ again:
last=&(rd->next);
break;
case T_CNAME:
- rd->rdata=(void*) dns_cname_parser(buff.buff, rd_end, p);
+ rd->rdata=(void*) dns_cname_parser(buff.buff, end, p);
if(unlikely(rd->rdata==0)) goto error_parse;
*last=rd;
last=&(rd->next);
break;
case T_NAPTR:
- rd->rdata=(void*) dns_naptr_parser(buff.buff, rd_end, p);
+ rd->rdata=(void*)dns_naptr_parser(buff.buff, end, rd_end, p);
if(unlikely(rd->rdata==0)) goto error_parse;
*last=rd;
last=&(rd->next);
More information about the sr-dev
mailing list