From: Natanael Copa
To: Szabolcs Nagy
Cc: musl@lists.openwall.com
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] fix handling of zero length domain names in dn_expand
Date: Thu, 4 Sep 2014 22:22:16 +0200
Message-ID: <20140904222216.3b40e730@ncopa-laptop>
References: <1407918101-3407-1-git-send-email-ncopa@alpinelinux.org> <20140904095039.496f5810@ncopa-desktop.alpinelinux.org> <20140904170726.GC10361@port70.net> <20140904181128.GD10361@port70.net>
In-Reply-To: <20140904181128.GD10361@port70.net>
Reply-To: musl@lists.openwall.com

On Thu, 4 Sep 2014 20:11:29 +0200 Szabolcs Nagy wrote:

> From 1a068a048b64999f97add01ce8f5013a83b0e916 Mon Sep 17 00:00:00 2001
> From: Szabolcs Nagy > Date: Thu, 4 Sep 2014 18:29:16 +0200 > Subject: [PATCH] fix dn_expand empty name handling and offsets to 0 > > Empty name was rejected in dn_expand since commit > 56b57f37a46dab432247bf29d96fcb11fbd02a6d > which is a regression as reported by Natanael Copa. > > Furthermore if an offset pointer in a compressed name > pointed to a terminating 0 byte (instead of a label) > the returned name was not null terminated. > --- > src/network/dn_expand.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > > diff --git a/src/network/dn_expand.c b/src/network/dn_expand.c > index 849df19..d1ebebf 100644 > --- a/src/network/dn_expand.c > +++ b/src/network/dn_expand.c > @@ -5,8 +5,8 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig > { > const unsigned char *p = src; > char *dend = dest + (space > 254 ? 254 : space); > - int len = -1, i, j; > - if (p==end || !*p) return -1; > + int len = -1, i, j, first = 1; How about, instead of adding int first, we do: char *dest_start = dest; > + if (p==end || dest==dend) return -1; > /* detect reference loop using an iteration counter */ > for (i=0; i < end-base; i+=2) { > if (*p & 0xc0) { > @@ -16,11 +16,13 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig > if (j >= end-base) return -1; > p = base+j; > } else if (*p) { > - j = *p+1; > - if (j>=end-p || j>dend-dest) return -1; > - while (--j) *dest++ = *++p; > - *dest++ = *++p ? '.' : 0; > + if (!first) *dest++ = '.'; > + first = 0; and instead of the 2 above: if (dest != dest_start) *dest++ = '.'; > + j = *p++; > + if (j >= end-p || j >= dend-dest) return -1; > + while (j--) *dest++ = *p++; > } else { > + *dest = 0; > if (len < 0) len = p+1-src; > return len; > } -nc
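Review bot: in the first hunk (@@ -5,8 +5,8 @@), the new guard "dest==dend" only rejects space equal to 0. If space is a signed type and a caller passes a negative value, dend is computed before dest, the equality test passes, and the empty-name branch added in the second hunk ("*dest = 0;") still stores a byte. Testing "space <= 0" in place of "dest==dend" would reject both cases before any write.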
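Review bot: in the second hunk (@@ -16,11 +16,13 @@), the separator store "if (!first) *dest++ = '.';" runs before the bounds check on the label, and the terminator store "*dest = 0;" has no check of its own. Both are in bounds only because the check was tightened from "j>dend-dest" to "j >= dend-dest", so every copied label leaves one byte free. A one-line comment stating that invariant would keep a later edit from loosening the comparison again. The "dest != dest_start" form suggested in the reply behaves the same as the "first" flag here, since every label copies at least one byte and so dest has moved by the time a second label is seen.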