Diffstat (limited to 'deps/cares/src/ares_expand_name.c')
-rw-r--r-- | deps/cares/src/ares_expand_name.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/deps/cares/src/ares_expand_name.c b/deps/cares/src/ares_expand_name.c
index 738be8dccb..3a38e6737e 100644
--- a/deps/cares/src/ares_expand_name.c
+++ b/deps/cares/src/ares_expand_name.c
@@ -32,6 +32,9 @@
 #include "ares_nowarn.h"
 #include "ares_private.h" /* for the memdebug */
+/* Maximum number of indirections allowed for a name */
+#define MAX_INDIRS 50
+
 static int name_length(const unsigned char *encoded, const unsigned char *abuf,
 int alen);
@@ -66,7 +69,7 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
 char *q;
 const unsigned char *p;
 union {
- ssize_t sig;
+ ares_ssize_t sig;
 size_t uns;
 } nlen;
@@ -162,7 +165,8 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
 /* If we've seen more indirects than the message length,
 * then there's a loop.
 */
- if (++indir > alen)
+ ++indir;
+ if (indir > alen || indir > MAX_INDIRS)
 return -1;
 }
 else if (top == 0x00) |
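Review bot: The comment on `MAX_INDIRS` names the limit but not what it protects or why 50 was chosen, which a maintainer will need when a resolver reply trips it. Since `name_length()` applies it alongside the existing `indir > alen` test, I would document it as the cap on compression-pointer hops followed for one name, e.g. `/* Upper bound on compression-pointer indirections followed per name; caps work on a crafted reply regardless of message length */`. If 50 was taken from another resolver or from a measurement, a short reference in the comment would help.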
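Review bot: The comment directly above the changed condition in `name_length()` still describes only the message-length test ("then there's a loop"), while the condition now also returns -1 once `indir` exceeds `MAX_INDIRS`. I would extend its second line, for example `* then there's a loop; also stop after MAX_INDIRS hops so a long, loop-free chain in a large message cannot force excessive work.` Both rejections share the `-1` return, which looks intentional, but it means a caller cannot tell a loop from the cap. No test for a chain longer than `MAX_INDIRS` is visible here; the diffstat is limited to this file, so one may exist elsewhere. `name_length()` starts and ends outside the hunk.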