Changeset 481 for trunk/src/sh_static.c
- Timestamp:
- Jul 18, 2015, 5:06:52 PM (10 years ago)
- File:
-
- 1 edited
-
trunk/src/sh_static.c (modified) (9 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/sh_static.c
r473 r481 999 999 return -1; 1000 1000 1001 while ((l = data[offset++])) { 1001 while ((l = data[offset])) { 1002 1003 if (offset < INT_MAX) 1004 offset++; 1005 else 1006 return -1; 1002 1007 1003 1008 if ((l & 0xc0) == (0xc0)) { 1004 offset++; 1009 if (offset < INT_MAX) 1010 offset++; 1011 else 1012 return -1; 1005 1013 break; 1006 1014 } 1007 1015 1008 offset += l; 1016 if (offset <= (INT_MAX - l)) 1017 offset += l; 1018 else 1019 return -1; 1009 1020 } 1010 1021 … … 1019 1030 if (i < 0) 1020 1031 return i; 1021 1022 return i + 4; 1032 if (i < (INT_MAX - 4)) 1033 return i + 4; 1034 else 1035 return -1; 1023 1036 } 1024 1037 … … 1036 1049 if (!data) 1037 1050 return -1; 1038 1039 while ((l=data[offset++])) { 1040 if (measure) 1051 while ((l=data[offset])) { 1052 if (offset < INT_MAX) offset++; 1053 else return -1; 1054 if (measure && (total < INT_MAX)) 1041 1055 total++; 1042 1056 if ((l & 0xc0) == (0xc0)) { 1043 if (measure)1057 if (measure && (total < INT_MAX)) 1044 1058 total++; 1045 /* compressed item, redirect */1059 /* compressed item, redirect */ 1046 1060 offset = ((l & 0x3f) << 8) | data[offset]; 1061 if (offset < 0) 1062 return -1; 1047 1063 measure = 0; 1048 1064 continue; 1049 1065 } 1066 1067 if (used >= (INT_MAX - l)) 1068 return -1; 1050 1069 1051 1070 if ((used + l + 1) >= maxlen) 1052 return -1;1071 return -1; 1053 1072 1054 1073 memcpy(dest + used, data + offset, l); 1055 offset += l; 1056 used += l; 1057 if (measure) 1074 1075 if (offset <= (INT_MAX - l)) 1076 offset += l; 1077 else 1078 return -1; 1079 1080 if (used <= (INT_MAX - l)) 1081 used += l; 1082 else 1083 return -1; 1084 if (measure && (total <= (INT_MAX - l))) 1058 1085 total += l; 1059 1086 1087 if (used == INT_MAX) 1088 return -1; 1060 1089 if (data[offset] != 0) 1061 1090 dest[used++] = '.'; … … 1065 1094 1066 1095 /* The null byte must be counted too */ 1067 if (measure ) {1096 if (measure && (total < INT_MAX)) { 1068 1097 total++; 1069 1098 } … … 1078 1107 { 1079 1108 char temp[256]; 1080 int i ;1109 int i = 0; 1081 1110 1082 1111 i = __decode_dotted(message, offset, temp, sizeof(temp)); … … 1084 1113 return i; 1085 1114 1086 message += offset + i; 1115 if (offset <= (INT_MAX - i)) 1116 message += offset + i; 1117 else 1118 return -1; 1087 1119 1088 1120 a->dotted = strdup(temp); … … 1101 1133 DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength); 1102 1134 1103 return i + RRFIXEDSZ + a->rdlength; 1135 if (RRFIXEDSZ <= (INT_MAX - i)) 1136 i += RRFIXEDSZ; 1137 else 1138 return -1; 1139 if (a->rdlength <= (INT_MAX - i)) 1140 return i + a->rdlength; 1141 else 1142 return -1; 1104 1143 } 1105 1144 … … 1148 1187 1149 1188 dest += i; 1189 if (maxlen < i) 1190 return -1; 1150 1191 maxlen -= i; 1151 1192 … … 1158 1199 dest[3] = (q->qclass & 0x00ff) >> 0; 1159 1200 1160 return i + 4; 1201 if (i <= (INT_MAX - 4)) 1202 return i + 4; 1203 else 1204 return -1; 1161 1205 } 1162 1206
Note:
See TracChangeset
for help on using the changeset viewer.
