Add some more checks
This commit is contained in:
parent
a211645d0a
commit
abe6de223d
14
msg.go
14
msg.go
|
@ -976,7 +976,7 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
||||||
if off == rdend {
|
if off == rdend {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
if off+net.IPv6len > rdend {
|
if off+net.IPv6len > rdend || off+net.IPv6len > lenmsg {
|
||||||
return lenmsg, &Error{err: "overflow unpacking aaaa"}
|
return lenmsg, &Error{err: "overflow unpacking aaaa"}
|
||||||
}
|
}
|
||||||
fv.Set(reflect.ValueOf(net.IP{msg[off], msg[off+1], msg[off+2], msg[off+3], msg[off+4],
|
fv.Set(reflect.ValueOf(net.IP{msg[off], msg[off+1], msg[off+2], msg[off+3], msg[off+4],
|
||||||
|
@ -988,6 +988,9 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
||||||
serv := make([]uint16, 0)
|
serv := make([]uint16, 0)
|
||||||
j := 0
|
j := 0
|
||||||
for off < rdend {
|
for off < rdend {
|
||||||
|
if off+1 > lenmsg {
|
||||||
|
return lenmsg, &Error{err: "overflow unpacking wks"}
|
||||||
|
}
|
||||||
b := msg[off]
|
b := msg[off]
|
||||||
// Check the bits one by one, and set the type
|
// Check the bits one by one, and set the type
|
||||||
if b&0x80 == 0x80 {
|
if b&0x80 == 0x80 {
|
||||||
|
@ -1023,7 +1026,7 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
// Rest of the record is the type bitmap
|
// Rest of the record is the type bitmap
|
||||||
if off+2 > rdend {
|
if off+2 > rdend || off+2 > lenmsg {
|
||||||
return lenmsg, &Error{err: "overflow unpacking nsecx"}
|
return lenmsg, &Error{err: "overflow unpacking nsecx"}
|
||||||
}
|
}
|
||||||
nsec := make([]uint16, 0)
|
nsec := make([]uint16, 0)
|
||||||
|
@ -1037,15 +1040,18 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
||||||
// A length window of zero is strange. If there
|
// A length window of zero is strange. If there
|
||||||
// the window should not have been specified. Bail out
|
// the window should not have been specified. Bail out
|
||||||
// println("dns: length == 0 when unpacking NSEC")
|
// println("dns: length == 0 when unpacking NSEC")
|
||||||
return lenmsg, ErrRdata
|
return lenmsg, &Error{err: "overflow unpacking nsecx"}
|
||||||
}
|
}
|
||||||
if length > 32 {
|
if length > 32 {
|
||||||
return lenmsg, ErrRdata
|
return lenmsg, &Error{err: "overflow unpacking nsecx"}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Walk the bytes in the window - and check the bit settings...
|
// Walk the bytes in the window - and check the bit settings...
|
||||||
off += 2
|
off += 2
|
||||||
for j := 0; j < length; j++ {
|
for j := 0; j < length; j++ {
|
||||||
|
if off+j+1 > lenmsg {
|
||||||
|
return lenmsg, &Error{err: "overflow unpacking nsecx"}
|
||||||
|
}
|
||||||
b := msg[off+j]
|
b := msg[off+j]
|
||||||
// Check the bits one by one, and set the type
|
// Check the bits one by one, and set the type
|
||||||
if b&0x80 == 0x80 {
|
if b&0x80 == 0x80 {
|
||||||
|
|
|
@ -1115,11 +1115,14 @@ func TestTxtLong(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestMalformedPacket1(t *testing.T) {
|
func TestMalformedPackets(t *testing.T) {
|
||||||
packet := "00441553000000010000000000010563646e6a730a636c6f7564666c61726503636f6d0363646e0a636c6f7564666c617265036e657400001c00010000291000000080000000"
|
var packets = []string{
|
||||||
data, _ := hex.DecodeString(packet)
|
"0021641c000000010000000000000b757361706f6f6c70726f7303636f6d0000100001",
|
||||||
|
}
|
||||||
|
|
||||||
// This crashes godns
|
for _, packet := range packets {
|
||||||
var msg Msg
|
data, _ := hex.DecodeString(packet)
|
||||||
msg.Unpack(data)
|
var msg Msg
|
||||||
|
msg.Unpack(data)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue