aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/util/data
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--external/unbound/util/data/dname.c2
-rw-r--r--external/unbound/util/data/msgencode.c2
-rw-r--r--external/unbound/util/data/msgparse.c8
-rw-r--r--external/unbound/util/data/msgparse.h4
-rw-r--r--external/unbound/util/data/msgreply.c11
-rw-r--r--external/unbound/util/data/packed_rrset.c6
-rw-r--r--external/unbound/util/data/packed_rrset.h6
7 files changed, 25 insertions, 14 deletions
diff --git a/external/unbound/util/data/dname.c b/external/unbound/util/data/dname.c
index d43bbf6d2..79bf52ad4 100644
--- a/external/unbound/util/data/dname.c
+++ b/external/unbound/util/data/dname.c
@@ -45,7 +45,7 @@
#include "util/data/msgparse.h"
#include "util/log.h"
#include "util/storage/lookup3.h"
-#include "ldns/sbuffer.h"
+#include "sldns/sbuffer.h"
/* determine length of a dname in buffer, no compression pointers allowed */
size_t
diff --git a/external/unbound/util/data/msgencode.c b/external/unbound/util/data/msgencode.c
index 26b5deabe..f9a8c5f67 100644
--- a/external/unbound/util/data/msgencode.c
+++ b/external/unbound/util/data/msgencode.c
@@ -47,7 +47,7 @@
#include "util/log.h"
#include "util/regional.h"
#include "util/net_help.h"
-#include "ldns/sbuffer.h"
+#include "sldns/sbuffer.h"
/** return code that means the function ran out of memory. negative so it does
* not conflict with DNS rcodes. */
diff --git a/external/unbound/util/data/msgparse.c b/external/unbound/util/data/msgparse.c
index abe778a89..108c9dacb 100644
--- a/external/unbound/util/data/msgparse.c
+++ b/external/unbound/util/data/msgparse.c
@@ -42,10 +42,10 @@
#include "util/data/packed_rrset.h"
#include "util/storage/lookup3.h"
#include "util/regional.h"
-#include "ldns/rrdef.h"
-#include "ldns/sbuffer.h"
-#include "ldns/parseutil.h"
-#include "ldns/wire2str.h"
+#include "sldns/rrdef.h"
+#include "sldns/sbuffer.h"
+#include "sldns/parseutil.h"
+#include "sldns/wire2str.h"
/** smart comparison of (compressed, valid) dnames from packet */
static int
diff --git a/external/unbound/util/data/msgparse.h b/external/unbound/util/data/msgparse.h
index 221a45aad..1a5ced356 100644
--- a/external/unbound/util/data/msgparse.h
+++ b/external/unbound/util/data/msgparse.h
@@ -63,8 +63,8 @@
#ifndef UTIL_DATA_MSGPARSE_H
#define UTIL_DATA_MSGPARSE_H
#include "util/storage/lruhash.h"
-#include "ldns/pkthdr.h"
-#include "ldns/rrdef.h"
+#include "sldns/pkthdr.h"
+#include "sldns/rrdef.h"
struct sldns_buffer;
struct rrset_parse;
struct rr_parse;
diff --git a/external/unbound/util/data/msgreply.c b/external/unbound/util/data/msgreply.c
index 68bcfd09e..dc27be905 100644
--- a/external/unbound/util/data/msgreply.c
+++ b/external/unbound/util/data/msgreply.c
@@ -50,8 +50,8 @@
#include "util/regional.h"
#include "util/data/msgparse.h"
#include "util/data/msgencode.h"
-#include "ldns/sbuffer.h"
-#include "ldns/wire2str.h"
+#include "sldns/sbuffer.h"
+#include "sldns/wire2str.h"
/** MAX TTL default for messages and rrsets */
time_t MAX_TTL = 3600 * 24 * 10; /* ten days */
@@ -87,6 +87,7 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
/* rrset_count-1 because the first ref is part of the struct. */
size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) +
sizeof(struct ub_packed_rrset_key*) * total;
+ if(total >= RR_COUNT_MAX) return NULL; /* sanity check on numRRS*/
if(region)
rep = (struct reply_info*)regional_alloc(region, s);
else rep = (struct reply_info*)malloc(s +
@@ -277,7 +278,11 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset,
struct packed_rrset_data** data, struct regional* region)
{
/* allocate */
- size_t s = sizeof(struct packed_rrset_data) +
+ size_t s;
+ if(pset->rr_count > RR_COUNT_MAX || pset->rrsig_count > RR_COUNT_MAX ||
+ pset->size > RR_COUNT_MAX)
+ return 0; /* protect against integer overflow */
+ s = sizeof(struct packed_rrset_data) +
(pset->rr_count + pset->rrsig_count) *
(sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) +
pset->size;
diff --git a/external/unbound/util/data/packed_rrset.c b/external/unbound/util/data/packed_rrset.c
index 807468576..0a5c9d327 100644
--- a/external/unbound/util/data/packed_rrset.c
+++ b/external/unbound/util/data/packed_rrset.c
@@ -47,9 +47,9 @@
#include "util/alloc.h"
#include "util/regional.h"
#include "util/net_help.h"
-#include "ldns/rrdef.h"
-#include "ldns/sbuffer.h"
-#include "ldns/wire2str.h"
+#include "sldns/rrdef.h"
+#include "sldns/sbuffer.h"
+#include "sldns/wire2str.h"
void
ub_packed_rrset_parsedelete(struct ub_packed_rrset_key* pkey,
diff --git a/external/unbound/util/data/packed_rrset.h b/external/unbound/util/data/packed_rrset.h
index 5d7990a2b..6039aef24 100644
--- a/external/unbound/util/data/packed_rrset.h
+++ b/external/unbound/util/data/packed_rrset.h
@@ -58,6 +58,12 @@ typedef uint64_t rrset_id_t;
* from the SOA in the answer section from a direct SOA query or ANY query. */
#define PACKED_RRSET_SOA_NEG 0x4
+/** number of rrs and rrsets for integer overflow protection. More than
+ * this is not really possible (64K packet has much less RRs and RRsets) in
+ * a message. And this is small enough that also multiplied there is no
+ * integer overflow. */
+#define RR_COUNT_MAX 0xffffff
+
/**
* The identifying information for an RRset.
*/
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-18 20:19:21 +0000