Check that offset < len in DNSName constructor

Otherwise, we might call memchr() with garbage, as len and offset
are signed but memchr()'s n is unsigned (size_t).

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 8bee721a84306ce1d4d1e7eecf5f3f722da45a94..9aed6e1f4c3bbe1dba25347ee9396e5f3e3a1e1e 100644 (file)
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -32,6 +32,9 @@ DNSName::DNSName(const char* p)
 
 DNSName::DNSName(const char* pos, int len, int offset, bool uncompress, uint16_t* qtype, uint16_t* qclass, unsigned int* consumed)
 {
+  if (offset >= len)
+    throw std::range_error("Trying to read past the end of the buffer");
+
   if(!uncompress) {
     if(const void * fnd=memchr(pos+offset, 0, len-offset)) {
       d_storage.reserve(2+(const char*)fnd-(pos+offset));