From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4181
Path: news.gmane.org!not-for-mail
From: Michael Forney <mforney@mforney.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: [PATCH] Fix dn_expand pointer following
Date: Mon,  4 Nov 2013 21:43:57 -0800
Message-ID: <1383630237-2700-1-git-send-email-mforney@mforney.org>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
X-Trace: ger.gmane.org 1383630271 26333 80.91.229.3 (5 Nov 2013 05:44:31 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 5 Nov 2013 05:44:31 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-4185-gllmg-musl=m.gmane.org@lists.openwall.com Tue Nov 05 06:44:37 2013
Return-path: <musl-return-4185-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-4185-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1VdZRN-0000QQ-QB
	for gllmg-musl@plane.gmane.org; Tue, 05 Nov 2013 06:44:37 +0100
Original-Received: (qmail 7885 invoked by uid 550); 5 Nov 2013 05:44:37 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 7874 invoked from network); 5 Nov 2013 05:44:37 -0000
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:to:subject:date:message-id;
        bh=mIm6KrUn+ncVRsbBSzisEHviAmLudvvpolr1Jn9CCgA=;
        b=eCz/HCllXd3Hh7LYAZFTmqj4N/5t0Fm8/A9S6+kLEYXHpo+CTV/8cPVkVrNDtyt2h6
         qw/tZrAPJp5u4A1Mo5rjl7FPlXRWcSAVJ8EKQmRKg4rj5Fr5UQ5+iUQMrhdPyafNFSlS
         jdWZtAaFrawAUa90irY7Bnuxsjym1Qs0fkCzFSjSYfGintbyEQwq/AkOy+QoTe8LopAU
         dTecmMP1RIssj0BPsCBueTXEaVaZ6KBXTuE4VVzvHqQXwzXyc+ZsyqdADnOupO+SSFnY
         QLOikUCHbOs97Y5yLlrCIR/8P/FDaTx5d2xTvjyQNnXIquUut0qMUFXz0OAp3uUmRJ3y
         UHwA==
X-Gm-Message-State: ALoCoQmo28TVdGwVIoZfc5KRzSYfEq3TEqhCki0mUUEa9ldBmWn6X7MD9tj3AvmpEwAqfZAG7oOn
X-Received: by 10.236.63.10 with SMTP id z10mr16707572yhc.28.1383630265187;
        Mon, 04 Nov 2013 21:44:25 -0800 (PST)
X-Mailer: git-send-email 1.8.4.2
Xref: news.gmane.org gmane.linux.lib.musl.general:4181
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/4181>

---
While looking over the dn_{comp,expand} functions, I noticed that this looked
wrong in dn_expand.

http://www.ietf.org/rfc/rfc1035.txt says that if the first two bits are 1s
(i.e., *p & 0xc0), then the remaining 14 bits specify the offset.

I haven't actually seen this manifest anywhere, and I have only tested up to
compilation.

 src/network/dn_expand.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/network/dn_expand.c b/src/network/dn_expand.c
index 4e02e3d..96adf37 100644
--- a/src/network/dn_expand.c
+++ b/src/network/dn_expand.c
@@ -10,7 +10,7 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig
 	for (;;) {
 		if (*p & 0xc0) {
 			if (p+1==end) return -1;
-			j = (p[0]&1) | p[1];
+			j = ((p[0] & 0x3f) << 8) | p[1];
 			if (len < 0) len = p+2-src;
 			if (j >= end-base) return -1;
 			p = base+j;
-- 
1.8.4.2