diff options
author | 2020-05-14 06:08:40 +0000 | |
---|---|---|
committer | 2020-05-14 06:08:40 +0000 | |
commit | 308d25095010cc66b1b67286e27e62e265360b59 (patch) | |
tree | d0eade07702d4b6112c7bd5e4ffd7908f5029c74 /usr.sbin/nsd/packet.c | |
parent | We forgot to keep ChangeLog in sync in previous updates. (diff) | |
download | wireguard-openbsd-308d25095010cc66b1b67286e27e62e265360b59.tar.xz wireguard-openbsd-308d25095010cc66b1b67286e27e62e265360b59.zip |
Update to 4.3.1
Testing & OK sthen
Diffstat (limited to 'usr.sbin/nsd/packet.c')
-rw-r--r-- | usr.sbin/nsd/packet.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/usr.sbin/nsd/packet.c b/usr.sbin/nsd/packet.c index 0643202ae94..701453d8fdc 100644 --- a/usr.sbin/nsd/packet.c +++ b/usr.sbin/nsd/packet.c @@ -348,12 +348,19 @@ int packet_find_notify_serial(buffer_type *packet, uint32_t* serial) { size_t saved_position = buffer_position(packet); /* count of further RRs after question section */ - size_t rrcount = ANCOUNT(packet) + NSCOUNT(packet) + ARCOUNT(packet); + size_t rrcount = (size_t)ANCOUNT(packet) + (size_t)NSCOUNT(packet) + (size_t)ARCOUNT(packet); + size_t qcount = (size_t)QDCOUNT(packet); size_t i; buffer_set_position(packet, QHEADERSZ); + if(qcount > 64 || rrcount > 65530) { + /* query count 0 or 1 only, rr number limited by 64k packet, + * and should not be impossibly high, parse error */ + buffer_set_position(packet, saved_position); + return 0; + } /* skip all question RRs */ - for (i = 0; i < QDCOUNT(packet); ++i) { + for (i = 0; i < qcount; ++i) { if (!packet_skip_rr(packet, 1)) { buffer_set_position(packet, saved_position); return 0; |