From 91fb47475bf4ac43a58be8031ba670b74fd8e97e Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 18 Jul 2013 09:54:09 +0200
Subject: [PATCH] DNS: break out of DNSResponseGetNameByOffset if we're in there too long. Can happen on bad data.
---
 src/app-layer-dns-common.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index e824d8a8c4..b5e23b6a9f 100644
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -390,6 +390,7 @@ static uint16_t DNSResponseGetNameByOffset(const uint8_t * const input, const ui
 goto insufficient_data;
 }
+ int steps = 0;
 uint16_t fqdn_offset = 0;
 uint8_t length = *(input + offset);
 const uint8_t *qdata = input + offset;
@@ -437,12 +438,16 @@ static uint16_t DNSResponseGetNameByOffset(const uint8_t * const input, const ui
 length = *qdata;
 SCLogDebug("qry length %u", length);
+ steps++;
+ if (steps >= 255)
+ goto bad_data;
 }
 if (fqdn_offset) {
 fqdn_offset--;
 }
 //PrintRawDataFp(stdout, fqdn, fqdn_offset);
 SCReturnUInt(fqdn_offset);
+bad_data:
 insufficient_data:
 SCReturnUInt(0U);
 }
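Review bot: The `steps` limit in the second hunk is checked only at the bottom of the loop body, so it bounds the walk only if every iteration reaches that point; the loop head and the rest of the body are outside the hunk, and any `continue` there would skip `steps++` and leave the loop unbounded on the bad data this commit is meant to stop. Confirm there is no such path, or move the check to the top of the loop as `if (++steps >= 255) goto bad_data;`. The bare `255` should be a named constant with a comment saying why that value was chosen (presumably the 255-octet limit on a DNS name), e.g. `#define DNS_NAME_MAX_STEPS 255` (name constructed for this note). The new `bad_data:` label falls through to the same `SCReturnUInt(0U)` as `insufficient_data:`, so a name that hits the limit is indistinguishable from a truncated one; a `SCLogDebug("too many steps, bad data");` before the `goto` would leave a trace for anyone investigating malformed responses.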