Branch: Tag:

2013-08-09

2013-08-09 12:50:44 by Andreas Petersson <andreas@sbin.se>

DNS.pmod: Prevent endless loops in maliciously crafted domain names.

326:    int pos=n[0];    int next=-1;    array(string) ret=({}); +  int labels = 0;    while(pos < sizeof(msg))    { -  +  labels++; +  if (labels > 255) +  error("Bad domain name. Too many labels.\n");    switch(int len=msg[pos])    {    case 0: