From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <44b3232235d0068cf251d2005740321a@rei2.9hal>
Date: Wed, 22 Aug 2012 16:47:47 +0200
From: cinap_lenrek@gmx.de
To: 9fans@9fans.net
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] dns
Topicbox-Message-UUID: add13318-ead7-11e9-9d60-3106f5b1d025

this is interesting. the p != qp->curdest check would just support my
point because it effectively checks if p is valid. if p would be at
qp->curdest, it would be past the last valid entry and hence invalid
so it's not written.

but there's another thing, look in queryns() how p comes to be:

	/* find responder */
	// dnslog("queryns got reply from %I", srcip);
	for(p = qp->dest; p < qp->curdest; p++)
		if(memcmp(p->a, srcip, sizeof p->a) == 0)
			break;

	for(np = qp->dest; np < qp->curdest; np++)
		if(np->s == p->s)	<-- oops, p might be qp->curdest here
			p->nx = Maxtrans;	<-- fuck!

	rv = procansw(qp, &m, srcip, depth, p);

i think we also need to check p != qp->curdest before that 2nd for loop
or it would trash the entry at curdest.

@@ -1439,9 +1438,10 @@ break; /* remove all addrs of responding server from list */ - for(np = qp->dest; np < qp->curdest; np++) - if(np->s == p->s) - p->nx = Maxtrans; + if(p != qp->curdest) + for(np = qp->dest; np < qp->curdest; np++) + if(np->s == p->s) + p->nx = Maxtrans; /* free or incorporate RRs in m */ rv = procansw(qp, &m, srcip, depth, p);

--
cinap
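
Review bot: inside the newly guarded loop the body still assigns p->nx = Maxtrans on every match rather than np->nx, so only the responder's own entry is marked, while the comment above the loop says all addrs of the responding server should be removed from the list; if that is the intent, the assignment should read np->nx = Maxtrans. The guard also covers only this loop: the trailing context line still passes p to procansw() when p == qp->curdest, so that call relies on a p != qp->curdest check further down that path, and a one-line comment saying so would help. Braces around the if/for/if nest would make the scope of the new guard unambiguous.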