From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 13 Apr 2015 20:48:50 +0000 (+0200)
Subject: check compression pointers
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~88^2~9^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6d5a9431ec28b8af03d20fe1914916f22e6dcff;p=pdns

check compression pointers
---

diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 4c723005c..26c54fdc3 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -39,7 +39,10 @@ void DNSName::packetParser(const char* pos, int len, int offset, bool uncompress
       labellen &= (~0xc0);
       int newpos = (labellen << 8) + *(const unsigned char*)pos;
 
-      packetParser(opos, len, newpos, labelAdded);
+      if(newpos < len)
+        packetParser(opos, len, newpos, labelAdded);
+      else
+        throw std::range_error("Found an invalid compression pointer");
       pos++;
       break;
     }
diff --git a/pdns/test-dnsname_cc.cc b/pdns/test-dnsname_cc.cc
index 42d644957..f48f5e26d 100644
--- a/pdns/test-dnsname_cc.cc
+++ b/pdns/test-dnsname_cc.cc
@@ -381,6 +381,13 @@ BOOST_AUTO_TEST_CASE(test_compression) { // Compression test
   BOOST_CHECK_EQUAL(dn.toString(), "www.example.com.");
 }
 
+BOOST_AUTO_TEST_CASE(test_bad_compression_pointer) { // Pointing beyond packet boundary
+
+  std::string name("\x03""com\x00""\x07""example\xc0""\x11""xc0""\x00", 17);
+
+  BOOST_CHECK_THROW(DNSName dn(name.c_str(), name.length(), 5, true), std::range_error);
+}
+
 BOOST_AUTO_TEST_CASE(test_compression_loop) { // Compression loop (add one label)
 
   std::string name("\x03""www\xc0""\x00", 6);