Hello,


On 2012/08/22, at 19:32, cinap_lenrek@gmx.de wrote:

the result check of that serveraddr() call should really be:

if (j < 0 || j > Maxdest) {
dnslog("serveraddrs() result %d out of range", j);
abort();
}
qp->curdest = &qp->dest[j];

what happens if j == Maxdest ? note that j is index.

I  rather notice the foolowing code.

/* use any addresses that we found */
for(trp = arp; trp && nd < Maxdest; trp = trp->next){
cur = &qp->dest[nd];
parseip(cur->a, trp->ip->name);
/*
* straddling servers can reject all nameservers if they are all
* inside, so be sure to list at least one outside ns at
* the end of the ns list in /lib/ndb for `dom='.
*/
if (ipisbm(cur->a) ||
   cfg.straddle && !insideaddr(qp->dp->name) && insidens(cur->a))
continue;
cur->nx = 0;
cur->s = trp->owner;
cur->code = Rtimeout;
nd++;
}
lock(&dnlock);
rrfreelist(arp);
unlock(&dnlock);
return nd;

returned value may be Maxdest. 
This code is in function serveraddrs(), and the function must return index. (must not be Maxdest)

Kenji Arisawa