Module: sip-router Branch: ser_core_cvs Commit: 6082a27973483a25ffe2a091b3b1f2b261361aba URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=6082a279...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Tue Mar 31 17:06:00 2009 +0000
dns: minor fixes
- some dns record parsers need only the record end for their internal overflow checks, while others need also the message end (anything that expands compressed strings).
---
resolve.c | 30 +++++++++++++++++------------- 1 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/resolve.c b/resolve.c index 9f55f3d..3504f0d 100644 --- a/resolve.c +++ b/resolve.c @@ -230,6 +230,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end) /* parses the srv record into a srv_rdata structure * msg - pointer to the dns message * end - pointer to the end of the message + * eor - pointer to the end of the record/rdata * rdata - pointer to the rdata part of the srv answer * returns 0 on error, or a dyn. alloc'ed srv_rdata structure */ /* SRV rdata format: @@ -248,6 +249,7 @@ unsigned char* dns_skipname(unsigned char* p, unsigned char* end) * +----------------+ */ struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end, + unsigned char* eor, unsigned char* rdata) { struct srv_rdata* srv; @@ -258,7 +260,7 @@ struct srv_rdata* dns_srv_parser( unsigned char* msg, unsigned char* end, char name[MAX_DNS_NAME]; srv=0; - if ((rdata+6+1)>end) goto error; + if ((rdata+6+1)>eor) goto error; memcpy((void*)&priority, rdata, 2); memcpy((void*)&weight, rdata+2, 2); @@ -292,6 +294,7 @@ error: /* parses the naptr record into a naptr_rdata structure * msg - pointer to the dns message * end - pointer to the end of the message + * eor - pointer to the end of the record/rdata * rdata - pointer to the rdata part of the naptr answer * returns 0 on error, or a dyn. alloc'ed naptr_rdata structure */ /* NAPTR rdata format: @@ -316,7 +319,8 @@ error: * +----------------+ */ struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end, - unsigned char* rdata) + unsigned char* eor, + unsigned char* rdata) { struct naptr_rdata* naptr; unsigned char* flags; 
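Review bot: In the `@@ -248,6 +249,7 @@` hunk, and again in `@@ -316,7 +319,8 @@` for dns_naptr_parser, the new `eor` argument lands between `end` and `rdata`, so the function now takes four adjacent `unsigned char*` parameters and a call that swaps `end` and `eor` compiles cleanly while silently loosening the bounds checks. Neither function is `static` in the visible lines and the diffstat lists only resolve.c, so any prototype or caller outside this file would need the same update; that is worth confirming. I would also state the expected relation in the header comment, for example ` * eor - pointer to the end of the record/rdata (rdata <= eor <= end)`. Both function bodies continue outside these hunks.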
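Review bot: The guard `if ((rdata+6+1)>eor) goto error;` in the `@@ -258,7 +260,7 @@` hunk forms the pointer `rdata+7` before comparing it, which is undefined behaviour in C whenever that pointer would land more than one past the end of the receive buffer, so a compiler is allowed to assume the overflow case never happens. Comparing the remaining length instead keeps the arithmetic inside the buffer: `if ((eor - rdata) < 6+1) goto error;`. The same add-then-compare pattern is used by the four NAPTR checks in `@@ -331,20 +335,20 @@`, where up to three 255-byte lengths are added, and by `rdata+4>eor` and `rdata+16>eor` in the A and AAAA parsers. dns_srv_parser's body continues outside the hunk.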
@@ -331,20 +335,20 @@ struct naptr_rdata* dns_naptr_parser( unsigned char* msg, unsigned char* end, char repl[MAX_DNS_NAME]; naptr = 0; - if ((rdata + 7 + 1)>end) goto error; + if ((rdata + 7 + 1)>eor) goto error; memcpy((void*)&order, rdata, 2); memcpy((void*)&pref, rdata + 2, 2); flags_len = rdata[4]; - if ((rdata + 7 + 1 + flags_len) > end) + if ((rdata + 7 + 1 + flags_len) > eor) goto error; flags=rdata+5; services_len = rdata[5 + flags_len]; - if ((rdata + 7 + 1 + flags_len + services_len) > end) + if ((rdata + 7 + 1 + flags_len + services_len) > eor) goto error; services=rdata + 6 + flags_len; regexp_len = rdata[6 + flags_len + services_len]; - if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > end) + if ((rdata + 7 +1 + flags_len + services_len + regexp_len) > eor) goto error; regexp=rdata + 7 + flags_len + services_len; rdata = rdata + 7 + flags_len + services_len + regexp_len; @@ -418,11 +422,11 @@ error: /* parses an A record rdata into an a_rdata structure * returns 0 on error or a dyn. alloc'ed a_rdata struct */ -struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* end) +struct a_rdata* dns_a_parser(unsigned char* rdata, unsigned char* eor) { struct a_rdata* a; - if (rdata+4>end) goto error; + if (rdata+4>eor) goto error; a=(struct a_rdata*)local_malloc(sizeof(struct a_rdata)); if (a==0){ LOG(L_ERR, "ERROR: dns_a_parser: out of memory\n"); @@ -438,11 +442,11 @@ error:
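Review bot: The offsets in the `@@ -331,20 +335,20 @@` hunk (`7 + 1`, `rdata[5 + flags_len]`, `rdata[6 + flags_len + services_len]`) are written out by hand in four separate checks with nothing saying what the 7 and the 1 stand for, which makes an off-by-one in this untrusted-input parser hard to spot in review. From the visible reads the 7 appears to be order (2) + pref (2) + the three length bytes, and the 1 the shortest possible replacement name. I would put that above the first check, for example `/* 7 = order(2)+pref(2)+3 length bytes; +1 = min. replacement name */`. dns_naptr_parser starts and ends outside the hunk.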
/* parses an AAAA (ipv6) record rdata into an aaaa_rdata structure * returns 0 on error or a dyn. alloc'ed aaaa_rdata struct */ -struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* end) +struct aaaa_rdata* dns_aaaa_parser(unsigned char* rdata, unsigned char* eor) { struct aaaa_rdata* aaaa; - if (rdata+16>end) goto error; + if (rdata+16>eor) goto error; aaaa=(struct aaaa_rdata*)local_malloc(sizeof(struct aaaa_rdata)); if (aaaa==0){ LOG(L_ERR, "ERROR: dns_aaaa_parser: out of memory\n"); @@ -641,7 +645,7 @@ again: } switch(rtype){ case T_SRV: - srv_rd= dns_srv_parser(buff.buff, rd_end, p); + srv_rd= dns_srv_parser(buff.buff, end, rd_end, p); rd->rdata=(void*)srv_rd; if (unlikely(srv_rd==0)) goto error_parse; @@ -678,13 +682,13 @@ again: last=&(rd->next); break; case T_CNAME: - rd->rdata=(void*) dns_cname_parser(buff.buff, rd_end, p); + rd->rdata=(void*) dns_cname_parser(buff.buff, end, p); if(unlikely(rd->rdata==0)) goto error_parse; *last=rd; last=&(rd->next); break; case T_NAPTR: - rd->rdata=(void*) dns_naptr_parser(buff.buff, rd_end, p); + rd->rdata=(void*)dns_naptr_parser(buff.buff, end, rd_end, p); if(unlikely(rd->rdata==0)) goto error_parse; *last=rd; last=&(rd->next);
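Review bot: With this commit the fixed-size field checks in dns_srv_parser are bounded only by `rd_end`, so the `T_SRV` call in `@@ -641,7 +645,7 @@` is safe only if `p <= rd_end <= end` has already been established for this record, and that check is not visible in the hunk. If `rd_end` is derived from the record's length field without being compared to `end`, a response carrying an oversized length would let the parser read past the received message. Please confirm the check exists earlier in the loop and note it next to the switch, for example `/* rd_end <= end was verified when the RR header was read */`; if it is missing, a guard before the switch is needed. The enclosing function starts and ends outside the hunk.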
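Review bot: In `@@ -678,13 +682,13 @@` the `T_CNAME` call now passes only `end`, so dns_cname_parser no longer receives the record boundary at all, unlike the SRV and NAPTR parsers, which get both `end` and `rd_end`. Its body is not shown here, but if it expands the name against the message end alone, a name whose labels run past `rd_end` into the following record would be accepted instead of rejected as malformed. Giving it the same `(msg, end, eor, rdata)` shape would keep the parsers consistent, for example `rd->rdata=(void*) dns_cname_parser(buff.buff, end, rd_end, p);` with a matching check of the consumed length inside the parser. The enclosing function starts and ends outside the hunk.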