mirror of https://github.com/M66B/NetGuard.git
Prevent out of bounds (3)
This commit is contained in:
parent
5978352b2d
commit
e98d5ef6a9
|
@ -29,11 +29,17 @@ int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char
|
||||||
uint8_t noff = 0;
|
uint8_t noff = 0;
|
||||||
uint16_t ptr = off;
|
uint16_t ptr = off;
|
||||||
uint8_t len = *(data + ptr);
|
uint8_t len = *(data + ptr);
|
||||||
|
uint8_t count = 0;
|
||||||
while (len) {
|
while (len) {
|
||||||
|
if (count++ > 25)
|
||||||
|
break;
|
||||||
|
|
||||||
if (len & 0xC0) {
|
if (len & 0xC0) {
|
||||||
uint16_t jump = (uint16_t) ((len & 0x3F) * 256 + *(data + ptr + 1));
|
uint16_t jump = (uint16_t) ((len & 0x3F) * 256 + *(data + ptr + 1));
|
||||||
if (jump >= datalen)
|
if (jump >= datalen) {
|
||||||
|
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
ptr = jump;
|
ptr = jump;
|
||||||
len = *(data + ptr);
|
len = *(data + ptr);
|
||||||
log_android(ANDROID_LOG_DEBUG, "DNS qname compression ptr %d len %d", ptr, len);
|
log_android(ANDROID_LOG_DEBUG, "DNS qname compression ptr %d len %d", ptr, len);
|
||||||
|
@ -41,12 +47,17 @@ int32_t get_qname(const uint8_t *data, const size_t datalen, uint16_t off, char
|
||||||
c = 1;
|
c = 1;
|
||||||
off += 2;
|
off += 2;
|
||||||
}
|
}
|
||||||
} else if (ptr + 1 + len <= datalen && noff + len <= DNS_QNAME_MAX) {
|
} else if (ptr + 1 + len < datalen && noff + len <= DNS_QNAME_MAX) {
|
||||||
memcpy(qname + noff, data + ptr + 1, len);
|
memcpy(qname + noff, data + ptr + 1, len);
|
||||||
*(qname + noff + len) = '.';
|
*(qname + noff + len) = '.';
|
||||||
noff += (len + 1);
|
noff += (len + 1);
|
||||||
|
|
||||||
ptr += (len + 1);
|
uint16_t jump = (uint16_t) (ptr + 1 + len);
|
||||||
|
if (jump >= datalen) {
|
||||||
|
log_android(ANDROID_LOG_DEBUG, "DNS invalid jump");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ptr = jump;
|
||||||
len = *(data + ptr);
|
len = *(data + ptr);
|
||||||
} else
|
} else
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in New Issue