author | Guy Harris <guy@alum.mit.edu> | 1999-10-07 09:21:38 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 1999-10-07 09:21:38 +0000 |
commit | c6e161e7dfffd713684e24162a9687090b7e2095 (patch) | |
tree | 808a45d054f28eef54f3b046279c6e803211b23a /packet-dns.c | |
parent | db5f4239dc774aa207bcb7bed3c0ffee48d97841 (diff) | |

A DNS or NBNS name may contain pointers to other names in the packet; if
the stuff referred to by those pointers goes past the end of the packet,
that's not a reason not to return the length of the DNS or NBNS name
itself - you can tag that name even though it's bad. Therefore,
"get_dns_name()" should return the length of the part of the name it's
looked at even if that name contains a pointer to stuff that goes past
the end of the packet.

This means you can't check its return value to see if it's negative, and
treat it as an error if it is; remove that stuff.

Add checks to make sure the type and class fields in an RR don't go past
the end of the packet.

svn path=/trunk/; revision=781

Diffstat (limited to 'packet-dns.c')
-rw-r--r-- | packet-dns.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/packet-dns.c b/packet-dns.c index 570e478046..961e74e2e8 100644 --- a/packet-dns.c +++ b/packet-dns.c @@ -1,7 +1,7 @@ /* packet-dns.c * Routines for DNS packet disassembly * - * $Id: packet-dns.c,v 1.23 1999/10/07 07:44:28 guy Exp $ + * $Id: packet-dns.c,v 1.24 1999/10/07 09:21:36 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -368,7 +368,11 @@ error: overflow: /* We ran past the end of the captured data in the packet. */ strcpy(name, "<Name goes past end of captured data in packet>"); - return -1; + /* If "len" is negative, we haven't seen a pointer, and thus haven't + set the length, so set it. */ + if (len < 0) + len = dp - dptr; + return len; } @@ -384,15 +388,19 @@ get_dns_name_type_class(const u_char *pd, int offset, int dns_data_offset, int start_offset = offset; name_len = get_dns_name(pd, offset, dns_data_offset, name, sizeof(name)); - if (name_len < 0) { + offset += name_len; + + if (!BYTES_ARE_IN_FRAME(offset, 2)) { /* We ran past the end of the captured data in the packet. */ return -1; } - offset += name_len; - type = pntohs(&pd[offset]); offset += 2; + if (!BYTES_ARE_IN_FRAME(offset, 2)) { + /* We ran past the end of the captured data in the packet. */ + return -1; + } class = pntohs(&pd[offset]); offset += 2; |
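
Review bot: in the `overflow:` path of get_dns_name(), the return value changes from -1 to a length, but nothing in the hunk documents the new contract. After this change the only sign of truncation is the placeholder string copied into `name`, and the returned `len` may describe a name that runs up to or past the end of the captured data, so every caller has to bounds-check `offset + len` itself before reading the next field. Suggest stating in the function's header comment that the return value is always the number of bytes the name occupies starting at `dptr` and is never an error code, and confirming that callers other than get_dns_name_type_class(), which this diff does not show, no longer depend on a negative return.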
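
Review bot: in get_dns_name_type_class(), dropping the `if (name_len < 0)` test means `offset += name_len` now trusts every return path of get_dns_name() to be non-negative, yet only the `overflow:` path is changed in this diff. The hunk header above shows an `error:` label in the same function; if that path can still return a negative value, `offset` moves backwards and `BYTES_ARE_IN_FRAME(offset, 2)` passes against the wrong bytes, so please confirm that path or keep a guard for it. As a smaller point, both new checks return -1 with the same comment, so a single `BYTES_ARE_IN_FRAME(offset, 4)` before reading `type` and `class` would cover both fields with less duplication.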