[SR-Dev] git:ser_core_cvs: dns: minor fixes

Andrei Pelinescu-Onciul andrei at iptel.org
Tue Mar 31 19:23:00 CEST 2009


Module: sip-router
Branch: ser_core_cvs
Commit: 6082a27973483a25ffe2a091b3b1f2b261361aba
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6082a27973483a25ffe2a091b3b1f2b261361aba

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Tue Mar 31 17:06:00 2009 +0000

dns: minor fixes

- some dns record parsers need only the record end for their
  internal overflow checks, while others need also the message end
  (anything that expands compressed strings).

---

 resolve.c |   30 +++++++++++++++++-------------
 1 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/resolve.c b/resolve.c
index 9f55f3d..3504f0d 100644
--- a/resolve.c
+++ b/resolve.c
@@ -230,6 +230,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end)
 /* parses the srv record into a srv_rdata structure
  *   msg   - pointer to the dns message
  *   end   - pointer to the end of the message
+ *   eor   - pointer to the end of the record/rdata
  *   rdata - pointer  to the rdata part of the srv answer
  * returns 0 on error, or a dyn. alloc'ed srv_rdata structure */
 /* SRV rdata format:
@@ -248,6 +249,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end)
  * +----------------+
  */
 struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end,
+								  unsigned char* eor,
 								  unsigned char* rdata)
 {
 	struct srv_rdata* srv;
@@ -258,7 +260,7 @@ struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end,
 	char name[MAX_DNS_NAME];
 	
 	srv=0;
-	if ((rdata+6+1)>end) goto error;
+	if ((rdata+6+1)>eor) goto error;
 	
 	memcpy((void*)&priority, rdata, 2);
 	memcpy((void*)&weight,   rdata+2, 2);
@@ -292,6 +294,7 @@ error:
 /* parses the naptr record into a naptr_rdata structure
  *   msg   - pointer to the dns message
  *   end   - pointer to the end of the message
+ *   eor   - pointer to the end of the record/rdata
  *   rdata - pointer  to the rdata part of the naptr answer
  * returns 0 on error, or a dyn. alloc'ed naptr_rdata structure */
 /* NAPTR rdata format:
@@ -316,7 +319,8 @@ error:
  * +----------------+
  */
 struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end,
-								  unsigned char* rdata)
+										unsigned char* eor,
+										unsigned char* rdata)
 {
 	struct naptr_rdata* naptr;
 	unsigned char* flags;
@@ -331,20 +335,20 @@ struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end,
 	char repl[MAX_DNS_NAME];
 	
 	naptr = 0;
-	if ((rdata + 7 + 1)>end) goto error;
+	if ((rdata + 7 + 1)>eor) goto error;
 	
 	memcpy((void*)&order, rdata, 2);
 	memcpy((void*)&pref, rdata + 2, 2);
 	flags_len = rdata[4];
-	if ((rdata + 7 + 1 +  flags_len) > end)
+	if ((rdata + 7 + 1 +  flags_len) > eor)
 		goto error;
 	flags=rdata+5;
 	services_len = rdata[5 + flags_len];
-	if ((rdata + 7 + 1 + flags_len + services_len) > end)
+	if ((rdata + 7 + 1 + flags_len + services_len) > eor)
 		goto error;
 	services=rdata + 6 + flags_len;
 	regexp_len = rdata[6 + flags_len + services_len];
-	if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > end)
+	if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > eor)
 		goto error;
 	regexp=rdata + 7 + flags_len + services_len;
 	rdata = rdata + 7 + flags_len + services_len + regexp_len;
@@ -418,11 +422,11 @@ error:
 /* parses an A record rdata into an a_rdata structure
  * returns 0 on error or a dyn. alloc'ed a_rdata struct
  */
-struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* end)
+struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* eor)
 {
 	struct a_rdata* a;
 	
-	if (rdata+4>end) goto error;
+	if (rdata+4>eor) goto error;
 	a=(struct a_rdata*)local_malloc(sizeof(struct a_rdata));
 	if (a==0){
 		LOG(L_ERR, "ERROR: dns_a_parser: out of memory\n");
@@ -438,11 +442,11 @@ error:
 
 /* parses an AAAA (ipv6) record rdata into an aaaa_rdata structure
  * returns 0 on error or a dyn. alloc'ed aaaa_rdata struct */
-struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* end)
+struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* eor)
 {
 	struct aaaa_rdata* aaaa;
 	
-	if (rdata+16>end) goto error;
+	if (rdata+16>eor) goto error;
 	aaaa=(struct aaaa_rdata*)local_malloc(sizeof(struct aaaa_rdata));
 	if (aaaa==0){
 		LOG(L_ERR, "ERROR: dns_aaaa_parser: out of memory\n");
@@ -641,7 +645,7 @@ again:
 		}
 		switch(rtype){
 			case T_SRV:
-				srv_rd= dns_srv_parser(buff.buff, rd_end, p);
+				srv_rd= dns_srv_parser(buff.buff, end, rd_end, p);
 				rd->rdata=(void*)srv_rd;
 				if (unlikely(srv_rd==0)) goto error_parse;
 				
@@ -678,13 +682,13 @@ again:
 				last=&(rd->next);
 				break;
 			case T_CNAME:
-				rd->rdata=(void*) dns_cname_parser(buff.buff, rd_end, p);
+				rd->rdata=(void*) dns_cname_parser(buff.buff, end, p);
 				if(unlikely(rd->rdata==0)) goto error_parse;
 				*last=rd;
 				last=&(rd->next);
 				break;
 			case T_NAPTR:
-				rd->rdata=(void*) dns_naptr_parser(buff.buff, rd_end, p);
+				rd->rdata=(void*)dns_naptr_parser(buff.buff, end, rd_end, p);
 				if(unlikely(rd->rdata==0)) goto error_parse;
 				*last=rd;
 				last=&(rd->next);




More information about the sr-dev mailing list