* Fix parsing txt records to avoid reading of uninitialized data

author: Vsevolod Stakhov <vsevolod@rambler-co.ru> 2010-07-28 20:35:51 +0400
committer: Vsevolod Stakhov <vsevolod@rambler-co.ru> 2010-07-28 20:35:51 +0400
commit: 1b106b62bc140af89e14cb91b10f7978a47932fc (patch)
tree: 9a5cb8528a535bafc27549eee3ff1cf2a1528224 /src/dns.c
parent: e0fac6fb14601522faf67071d2a163dfa38563a2 (diff)
download: rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.tar.gz
rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/dns.c b/src/dns.c
index cd80163f0..5197aae66 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -762,7 +762,7 @@ end:
 static gint
 dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct rspamd_dns_reply *rep, int *remain)
 {
-	guint8 *p = *pos;
+	guint8 *p = *pos, parts;
 	guint16 type, datalen, txtlen, copied;
 	gboolean parsed = FALSE;
 
@@ -831,9 +831,11 @@ dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct
 			elt->txt.data = memory_pool_alloc (rep->request->pool, datalen + 1);
 			/* Now we should compose data from parts */
 			copied = 0;
-			while (copied < datalen) {
+			parts = 0;
+			while (copied + parts < datalen) {
 				txtlen = *p;
-				if (txtlen + copied < datalen) {
+				if (txtlen + copied + parts <= datalen) {
+					parts ++;
 					memcpy (elt->txt.data + copied, p + 1, txtlen);
 					copied += txtlen;
 					p += txtlen + 1;
author	Vsevolod Stakhov <vsevolod@rambler-co.ru>	2010-07-28 20:35:51 +0400
committer	Vsevolod Stakhov <vsevolod@rambler-co.ru>	2010-07-28 20:35:51 +0400
commit	1b106b62bc140af89e14cb91b10f7978a47932fc (patch)
tree	9a5cb8528a535bafc27549eee3ff1cf2a1528224 /src/dns.c
parent	e0fac6fb14601522faf67071d2a163dfa38563a2 (diff)
download	rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.tar.gz rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.zip