From 1f49833d4fc449d54c95c3235b5c18523e6f8d69 Mon Sep 17 00:00:00 2001
From: Riccardo Spagni <ric@spagni.net>
Date: Thu, 2 Apr 2015 11:16:18 +0200
Subject: update unbound from upstream

---
 external/unbound/services/cache/dns.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'external/unbound/services/cache/dns.c')

diff --git a/external/unbound/services/cache/dns.c b/external/unbound/services/cache/dns.c
index 4692744a1..cec2629e1 100644
--- a/external/unbound/services/cache/dns.c
+++ b/external/unbound/services/cache/dns.c
@@ -50,7 +50,7 @@
 #include "util/net_help.h"
 #include "util/regional.h"
 #include "util/config_file.h"
-#include "ldns/sbuffer.h"
+#include "sldns/sbuffer.h"
 
 /** store rrsets in the rrset cache. 
  * @param env: module environment with caches.
@@ -366,6 +366,8 @@ dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
 		sizeof(struct reply_info)-sizeof(struct rrset_ref));
 	if(!msg->rep)
 		return NULL;
+	if(capacity > RR_COUNT_MAX)
+		return NULL; /* integer overflow protection */
 	msg->rep->flags = BIT_QR; /* with QR, no AA */
 	msg->rep->qdcount = 1;
 	msg->rep->rrsets = (struct ub_packed_rrset_key**)
@@ -453,6 +455,8 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num)
 		sizeof(struct reply_info) - sizeof(struct rrset_ref));
 	if(!msg->rep)
 		return NULL;
+	if(num > RR_COUNT_MAX)
+		return NULL; /* integer overflow protection */
 	msg->rep->rrsets = (struct ub_packed_rrset_key**)
 		regional_alloc(region,
 		num * sizeof(struct ub_packed_rrset_key*));
-- 
cgit v1.2.3