|
|
@@ -4,10 +4,11 @@
|
|
|
int __dn_expand(const unsigned char *base, const unsigned char *end, const unsigned char *src, char *dest, int space)
|
|
|
{
|
|
|
const unsigned char *p = src;
|
|
|
- int len = -1, j;
|
|
|
- if (space > 256) space = 256;
|
|
|
+ char *dend = dest + (space > 254 ? 254 : space);
|
|
|
+ int len = -1, i, j;
|
|
|
if (p==end || !*p) return -1;
|
|
|
- for (;;) {
|
|
|
+ /* detect reference loop using an iteration counter */
|
|
|
+ for (i=0; i < end-base; i+=2) {
|
|
|
if (*p & 0xc0) {
|
|
|
if (p+1==end) return -1;
|
|
|
j = ((p[0] & 0x3f) << 8) | p[1];
|
|
|
@@ -16,7 +17,7 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig
|
|
|
p = base+j;
|
|
|
} else if (*p) {
|
|
|
j = *p+1;
|
|
|
- if (j>=end-p || j>space) return -1;
|
|
|
+ if (j>=end-p || j>dend-dest) return -1;
|
|
|
while (--j) *dest++ = *++p;
|
|
|
*dest++ = *++p ? '.' : 0;
|
|
|
} else {
|
|
|
@@ -24,6 +25,7 @@ int __dn_expand(const unsigned char *base, const unsigned char *end, const unsig
|
|
|
return len;
|
|
|
}
|
|
|
}
|
|
|
+ return -1;
|
|
|
}
|
|
|
|
|
|
weak_alias(__dn_expand, dn_expand);
|
Szabolcs Nagy