disallow forward compression pointers

This commit is contained in:
AJ ONeal 2017-10-09 14:04:06 -06:00
parent 471a80638d
commit d743b8f3d0
1 changed files with 11 additions and 1 deletions

View File

@ -9,7 +9,7 @@
//
// NOTE:
// "NAME"s are terminated with 0x00
// "RDATA" is terminated by its length
// "RDATA" is terminated by its length, but its labels may null-terminated
exports.DNS_UNPACK_LABELS = function (ui8, ptr, q) {
if (q.cpcount > 25) {
throw new Error("compression pointer loop detected (over 25 pointers seems like a loop)");
@ -37,13 +37,23 @@ exports.DNS_UNPACK_LABELS = function (ui8, ptr, q) {
// The remaining bits may be used to specify the address of the pointer
// (it would seem that only 1 extra bit is actually used since the message size is 512 bytes)
var cpptr = ((ui8[total] & 0x3f) << 8) | ui8[total + 1];
if (cpptr >= total) {
throw new Error(
"Compression pointer at"
+ " 0x" + total.toString() + " (" + total + ")"
+ " points forward to"
+ " 0x" + cpptr.toString(16) + " (" + cpptr + ")"
);
}
// We're not coming back, so if this is the first time we're following one of
// these pointers we up the byteLength to mark the pointer as part of the label
if (!q.cpcount) {
q.byteLength += 2; // cp and len
//q.cps = [];
}
q.cpcount += 1;
//q.cps.push(cpptr);
// recursion
return exports.DNS_UNPACK_LABELS(ui8, cpptr, q);