From e0bd3eff4918cd24f1b70d99382b23ff78e21862 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Tue, 7 Jan 2020 09:52:04 +0100
Subject: [PATCH] Prevent buffer overflow

---
 app/src/main/jni/netguard/dns.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/app/src/main/jni/netguard/dns.c b/app/src/main/jni/netguard/dns.c
index 5669c542..84990be7 100644
--- a/app/src/main/jni/netguard/dns.c
+++ b/app/src/main/jni/netguard/dns.c
@@ -135,10 +135,17 @@ void parse_dns_response(const struct arguments *args, const struct ng_session *s
                         (qtype == DNS_QTYPE_A || qtype == DNS_QTYPE_AAAA)) {
 
                         char rd[INET6_ADDRSTRLEN + 1];
-                        if (qtype == DNS_QTYPE_A)
-                            inet_ntop(AF_INET, data + off, rd, sizeof(rd));
-                        else if (qclass == DNS_QCLASS_IN && qtype == DNS_QTYPE_AAAA)
-                            inet_ntop(AF_INET6, data + off, rd, sizeof(rd));
+                        if (qtype == DNS_QTYPE_A) {
+                            if (off + sizeof(__be32) < *datalen)
+                                inet_ntop(AF_INET, data + off, rd, sizeof(rd));
+                            else
+                                return;
+                        } else if (qclass == DNS_QCLASS_IN && qtype == DNS_QTYPE_AAAA) {
+                            if (off + sizeof(struct in6_addr) < *datalen)
+                                inet_ntop(AF_INET6, data + off, rd, sizeof(rd));
+                            else
+                                return;
+                        }
 
                         dns_resolved(args, qname, name, rd, ttl);
                         log_android(ANDROID_LOG_DEBUG,