Merge pull request #40 from jtt/fix-out-of-bounds-label

Add missing length check when reading label pointer
dmachard · Feb 9, 2022 · 661fd12 · 661fd12
2 parents 5e0e439 + 792350b
commit 661fd12
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/dnsutils/dns.go b/dnsutils/dns.go
@@ -342,6 +342,9 @@ func _ParseLabels(offset int, payload []byte, pointers map[uint16]int) (string,
 		}
 		// label pointer support ?
 		if length>>6 == 3 {
+			if offset+1 >= len(payload) {
+				return "", 0, ErrDecodeDnsLabelTooShort
+			}
 			ptr := binary.BigEndian.Uint16(payload[offset:offset+2]) & 16383
 			_, exist := pointers[ptr]
 			if exist {

diff --git a/dnsutils/dns_test.go b/dnsutils/dns_test.go
@@ -360,6 +360,14 @@ func TestDecodeDnsQuestion_QtypeMissing(t *testing.T) {
 	}
 }
 
+func TestDecodeQuestion_InvalidPointer(t *testing.T) {
+	decoded := []byte{88, 27, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 202}
+	_, _, _, err := DecodeQuestion(decoded)
+	if !errors.Is(err, ErrDecodeDnsLabelTooShort) {
+		t.Errorf("bad error returned: %v", err)
+	}
+}
+
 func TestDecodeDnsAnswer_PacketTooShort(t *testing.T) {
 	payload := []byte{46, 172, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 15, 100, 110, 115, 116, 97, 112, 99, 111, 108, 108, 101, 99, 116,
 		111, 114, 4, 116, 101, 115, 116, 0, 0, 1, 0, 1, 15, 100, 110, 115, 116, 97, 112, 99, 111, 108, 108, 101, 99, 116,