check compression pointers

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 4c723005c3e28a5d521bdafaef6bd3f92832b070..26c54fdc3166a4d66eac0067a436c198e032beee 100644 (file)
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -39,7 +39,10 @@ void DNSName::packetParser(const char* pos, int len, int offset, bool uncompress
       labellen &= (~0xc0);
       int newpos = (labellen << 8) + *(const unsigned char*)pos;
 
-      packetParser(opos, len, newpos, labelAdded);
+      if(newpos < len)
+        packetParser(opos, len, newpos, labelAdded);
+      else
+        throw std::range_error("Found an invalid compression pointer");
       pos++;
       break;
     }

diff --git a/pdns/test-dnsname_cc.cc b/pdns/test-dnsname_cc.cc
index 42d644957231a01ddeb5dfb43c441bcb4720d542..f48f5e26da8f5ac368bd5ad768bd625340ab5f12 100644 (file)
--- a/pdns/test-dnsname_cc.cc
+++ b/pdns/test-dnsname_cc.cc
@@ -381,6 +381,13 @@ BOOST_AUTO_TEST_CASE(test_compression) { // Compression test
   BOOST_CHECK_EQUAL(dn.toString(), "www.example.com.");
 }
 
+BOOST_AUTO_TEST_CASE(test_bad_compression_pointer) { // Pointing beyond packet boundary
+
+  std::string name("\x03""com\x00""\x07""example\xc0""\x11""xc0""\x00", 17);
+
+  BOOST_CHECK_THROW(DNSName dn(name.c_str(), name.length(), 5, true), std::range_error);
+}
+
 BOOST_AUTO_TEST_CASE(test_compression_loop) { // Compression loop (add one label)
 
   std::string name("\x03""www\xc0""\x00", 6);