From 2fa66c3b9348d179e478d3d584471ee8989c3f6e Mon Sep 17 00:00:00 2001
From: Nikhil Agrawal
Date: Thu, 20 Dec 2018 10:50:59 +0530
Subject: [PATCH] BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error

In dns_read_name() when dns name is used with compression and start position of name is greater than 255 name read is incorrect and causes invalid dns error. eg: 0xc11b c specifies name compression being used. 11b represent the start position of name but currently we are using only 1b for start position. This should be backported as far as 1.7.
---
 src/dns.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/dns.c b/src/dns.c
index 78d8f52f2..1d91e4381 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -417,7 +417,7 @@ int dns_read_name(unsigned char *buffer, unsigned char *bufend,
 if (depth++ > 100)
 goto err;
- n = dns_read_name(buffer, bufend, buffer + reader[1],
+ n = dns_read_name(buffer, bufend, buffer + (*reader & 0x3f)*256 + reader[1],
 dest, dest_len - nb_bytes, offset, depth);
 if (n == 0)
 goto err;
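Review bot: The recursive call now starts reading at `buffer + (*reader & 0x3f)*256 + reader[1]`, a 14-bit offset taken from the DNS response, and nothing in this hunk bounds that address against `reader` or `bufend`. The body of dns_read_name() starts and ends outside the hunk, so an earlier guard may exist. If that guard still tests only `buffer + reader[1]`, it validates a different address from the one passed down, and a pointer with non-zero high bits could refer forward or past the end of the packet. Computing the offset once and checking that same value would keep the two in step, for example `unsigned int off = ((*reader & 0x3f) << 8) | reader[1];` followed by `if (buffer + off >= reader) goto err;` and then passing `buffer + off` to the call. It is also worth confirming that `reader + 1 < bufend` holds before `reader[1]` is read.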