From 1f49833d4fc449d54c95c3235b5c18523e6f8d69 Mon Sep 17 00:00:00 2001 From: Riccardo Spagni Date: Thu, 2 Apr 2015 11:16:18 +0200 Subject: update unbound from upstream --- external/unbound/dns64/dns64.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'external/unbound/dns64') diff --git a/external/unbound/dns64/dns64.c b/external/unbound/dns64/dns64.c index eaaa26f7c..63cc8084e 100644 --- a/external/unbound/dns64/dns64.c +++ b/external/unbound/dns64/dns64.c @@ -590,6 +590,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, * for the RRs themselves. Each RR has a length, TTL, pointer to wireformat * data, 2 bytes of data length, and 16 bytes of IPv6 address. */ + if(fd->count > RR_COUNT_MAX) { + *dd_out = NULL; + return; /* integer overflow protection in alloc */ + } if (!(dd = *dd_out = regional_alloc(region, sizeof(struct packed_rrset_data) + fd->count * (sizeof(size_t) + sizeof(time_t) + @@ -713,6 +717,8 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate if(ian_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) { /* also sets dk->entry.hash */ dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env); + if(!dd) + return; /* Delete negative AAAA record from cache stored by * the iterator module */ rrset_cache_remove(super->env->rrset_cache, dk->rk.dname, -- cgit v1.2.3