From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] Fix dn_expand pointer following
Date: Tue, 5 Nov 2013 14:18:40 -0500
Message-ID: <20131105191840.GD24286@brightrain.aerifal.cx>
References: <1383630237-2700-1-git-send-email-mforney@mforney.org>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Mon, Nov 04, 2013 at 09:43:57PM -0800, Michael Forney wrote:
> ---
> While looking over the dn_{comp,expand} functions, I noticed that this looked
> wrong in dn_expand.
>
> http://www.ietf.org/rfc/rfc1035.txt says that if the first two bits are 1s
> (i.e., *p & 0xc0), then the remaining 14 bits specify the offset.

Indeed. The code was just written for internal use in musl, which only
performs UDP queries, limiting the packet size to 512 bytes. Thus only
9 bits can be set in a valid packet. However it probably makes sense
to read the whole value anyway in case the caller of dn_expand was
using tcp or just to better reject invalid packets.

Rich
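
The pointer handling discussed in this thread, as an added example that is not musl's dn_expand and not part of either message: a name expander that reads the full 14-bit offset described in RFC 1035 and rejects out-of-range targets and pointer loops. The names `expand_name` and `demo` and the 700-byte sample message are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not musl's dn_expand): expand the name at msg[off]
 * into dst as dotted text. Returns the number of bytes the name occupies
 * at its original position, or -1 if the message is malformed. */
int expand_name(const unsigned char *msg, size_t msglen, size_t off,
                char *dst, size_t dstlen)
{
    size_t pos = off, out = 0;
    int consumed = -1;              /* fixed once the first pointer is seen */
    unsigned jumps = 0;

    if (!dstlen) return -1;
    for (;;) {
        if (pos >= msglen) return -1;
        unsigned len = msg[pos];
        if ((len & 0xc0) == 0xc0) {
            /* Two 1 bits, then a 14-bit offset from the message start. */
            if (pos + 1 >= msglen) return -1;
            size_t target = ((size_t)(len & 0x3f) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            /* A message holds at most msglen/2 pointers; more is a loop. */
            if (target >= msglen || ++jumps > msglen / 2) return -1;
            pos = target;
        } else if (len & 0xc0) {
            return -1;              /* 01 and 10 prefixes are reserved */
        } else if (len == 0) {
            dst[out] = 0;           /* root label ends the name */
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        } else {
            if (pos + 1 + len > msglen) return -1;   /* label overruns msg */
            if (out + len + 2 > dstlen) return -1;   /* dot + label + NUL */
            if (out) dst[out++] = '.';
            memcpy(dst + out, msg + pos + 1, len);
            out += len;
            pos += 1 + len;
        }
    }
}

/* Constructed sample: a 700-byte (TCP-sized) message with the name stored
 * at offset 600 and a compression pointer to it at offset 12. */
int demo(char *dst, size_t dstlen)
{
    unsigned char msg[700] = {0};
    memcpy(msg + 600, "\7example\3com", 13);  /* 13th byte is the root label */
    msg[12] = 0xc2; msg[13] = 0x58;           /* 0xc000 | 600 */
    return expand_name(msg, sizeof msg, 12, dst, dstlen);
}
```

Offset 600 does not fit in 9 bits, so the sample only resolves when the whole 14-bit value is read.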