Resolver: added missing sanity checking when creating name queries.

author Maxim Dounin <mdounin@mdounin.ru>

Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)

committer Maxim Dounin <mdounin@mdounin.ru>

Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)
author Maxim Dounin <mdounin@mdounin.ru>
Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)
committer Maxim Dounin <mdounin@mdounin.ru>
Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c

index 2e3047135c1f302595932bd0466d373974fa1621..02c484da6941986dd5546b3ac27f40f31d115bf2 100644 (file)
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1840,7 +1840,7 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
              len++;
  
          } else {
-            if (len == 0) {
+            if (len == 0 || len > 255) {
                  return NGX_DECLINED;
              }
  
@@ -1851,6 +1851,10 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
          p--;
      }
  
+    if (len == 0 || len > 255) {
+        return NGX_DECLINED;
+    }
+
      *p = (u_char) len;
  
      return NGX_OK;
author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 22 Mar 2012 11:57:18 +0000 (11:57 +0000)