From 896e19330ad06ace8973c5d7b75d2de538228062 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Thu, 23 Jan 2014 14:27:36 +0400 Subject: [PATCH] deps: backport b5135bbc from c-ares repo Original commit message: ares_parse_txt_reply: return a ares_txt_reply node for each sub-string Previously, the function would wrongly return all substrings merged into one. fix #6931 --- deps/cares/src/ares_parse_txt_reply.c | 78 +++++++++++++-------------- 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/deps/cares/src/ares_parse_txt_reply.c b/deps/cares/src/ares_parse_txt_reply.c index 51653328eb..e1ebbbea90 100644 --- a/deps/cares/src/ares_parse_txt_reply.c +++ b/deps/cares/src/ares_parse_txt_reply.c @@ -54,7 +54,7 @@ int ares_parse_txt_reply (const unsigned char *abuf, int alen, struct ares_txt_reply **txt_out) { - size_t substr_len, str_len; + size_t substr_len; unsigned int qdcount, ancount, i; const unsigned char *aptr; const unsigned char *strptr; @@ -116,23 +116,6 @@ ares_parse_txt_reply (const unsigned char *abuf, int alen, /* Check if we are really looking at a TXT record */ if (rr_class == C_IN && rr_type == T_TXT) { - /* Allocate storage for this TXT answer appending it to the list */ - txt_curr = ares_malloc_data(ARES_DATATYPE_TXT_REPLY); - if (!txt_curr) - { - status = ARES_ENOMEM; - break; - } - if (txt_last) - { - txt_last->next = txt_curr; - } - else - { - txt_head = txt_curr; - } - txt_last = txt_curr; - /* * There may be multiple substrings in a single TXT record. Each * substring may be up to 255 characters in length, with a @@ -141,36 +124,49 @@ ares_parse_txt_reply (const unsigned char *abuf, int alen, * substrings contained therein. */ - /* Compute total length to allow a single memory allocation */ strptr = aptr; while (strptr < (aptr + rr_len)) { substr_len = (unsigned char)*strptr; - txt_curr->length += substr_len; - strptr += substr_len + 1; - } + if (strptr + substr_len + 1 > aptr + rr_len) + { + status = ARES_EBADRESP; + break; + } + + ++strptr; + + /* Allocate storage for this TXT answer appending it to the list */ + txt_curr = ares_malloc_data(ARES_DATATYPE_TXT_REPLY); + if (!txt_curr) + { + status = ARES_ENOMEM; + break; + } + if (txt_last) + { + txt_last->next = txt_curr; + } + else + { + txt_head = txt_curr; + } + txt_last = txt_curr; + + txt_curr->length = substr_len; + txt_curr->txt = malloc (substr_len + 1/* Including null byte */); + if (txt_curr->txt == NULL) + { + status = ARES_ENOMEM; + break; + } + memcpy ((char *) txt_curr->txt, strptr, substr_len); + + /* Make sure we NULL-terminate */ + txt_curr->txt[substr_len] = 0; - /* Including null byte */ - txt_curr->txt = malloc (txt_curr->length + 1); - if (txt_curr->txt == NULL) - { - status = ARES_ENOMEM; - break; - } - - /* Step through the list of substrings, concatenating them */ - str_len = 0; - strptr = aptr; - while (strptr < (aptr + rr_len)) - { - substr_len = (unsigned char)*strptr; - strptr++; - memcpy ((char *) txt_curr->txt + str_len, strptr, substr_len); - str_len += substr_len; strptr += substr_len; } - /* Make sure we NULL-terminate */ - *((char *) txt_curr->txt + txt_curr->length) = '\0'; } /* Don't lose memory in the next iteration */