diff options
| -rw-r--r-- | src/lib/libc/net/res_comp.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libc/net/res_comp.c b/src/lib/libc/net/res_comp.c index e637f4a958..0df9947226 100644 --- a/src/lib/libc/net/res_comp.c +++ b/src/lib/libc/net/res_comp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: res_comp.c,v 1.20 2016/05/01 15:17:29 millert Exp $ */ | 1 | /* $OpenBSD: res_comp.c,v 1.20.24.1 2023/03/16 13:28:54 bluhm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * ++Copyright++ 1985, 1993 | 4 | * ++Copyright++ 1985, 1993 |
| @@ -82,6 +82,9 @@ dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn, | |||
| 82 | char *eom; | 82 | char *eom; |
| 83 | int len = -1, checked = 0; | 83 | int len = -1, checked = 0; |
| 84 | 84 | ||
| 85 | if (comp_dn < msg || comp_dn >= eomorig) | ||
| 86 | return (-1); | ||
| 87 | |||
| 85 | dn = exp_dn; | 88 | dn = exp_dn; |
| 86 | cp = comp_dn; | 89 | cp = comp_dn; |
| 87 | if (length > HOST_NAME_MAX) | 90 | if (length > HOST_NAME_MAX) |
| @@ -91,6 +94,9 @@ dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn, | |||
| 91 | * fetch next label in domain name | 94 | * fetch next label in domain name |
| 92 | */ | 95 | */ |
| 93 | while ((n = *cp++)) { | 96 | while ((n = *cp++)) { |
| 97 | if (cp >= eomorig) /* out of range */ | ||
| 98 | return (-1); | ||
| 99 | |||
| 94 | /* | 100 | /* |
| 95 | * Check for indirection | 101 | * Check for indirection |
| 96 | */ | 102 | */ |