Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 11:25:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 1451928 - loop detection added for the TRR CNAME parser r=valentin

Browse Source 
MozReview-Commit-ID: 8vLjS7hOYKU

--HG--
extra : rebase_source : 69b82c3df7db7d19f0667e9de0c6c67b7c7794fe
This commit is contained in:
Daniel Stenberg 2018-04-06 00:47:15 +02:00
parent 80e0b61efb
commit 11c34a5b83
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
netwerk/dns/TRR.cpp
View File

@ -622,6 +622,7 @@ TRR::DohDecode()
if (mCname.IsEmpty()) {
uint8_t clength = 0;
unsigned int cindex = index;
unsigned int loop = 128; // a valid DNS name can never loop this much
do {
if (cindex >= mBodySize) {
LOG(("TRR: bad cname packet\n"));
@ -654,7 +655,12 @@ TRR::DohDecode()
mCname.Append((const char *)(&mResponse[cindex]), clength);
cindex += clength; // skip label
}
} while (clength);
} while (clength && --loop);
if (!loop) {
LOG(("TRR::DohDecode pointer loop error\n"));
return NS_ERROR_ILLEGAL_VALUE;
}
LOG(("TRR::DohDecode CNAME host %s => %s\n",
host.get(), mCname.get()));