From dc74f315ff3c78106ea8f8be3de4af34c7581031 Mon Sep 17 00:00:00 2001
From: Richard Aas
Date: Tue, 29 Nov 2011 10:44:51 +0000
Subject: [PATCH] dns: handle dname compression loops
---
 src/dns/dname.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/dns/dname.c b/src/dns/dname.c
index e5d8263..23a74a3 100644
--- a/src/dns/dname.c
+++ b/src/dns/dname.c
@@ -15,6 +15,7 @@
 #define COMP_MASK 0xc0
 #define OFFSET_MASK 0x3fff
+#define COMP_LOOP 255
 struct dname {
@@ -140,15 +141,15 @@ int dns_dname_encode(struct mbuf *mb, const char *name,
 int dns_dname_decode(struct mbuf *mb, char **name, size_t start)
 {
+ uint32_t i = 0, loopc = 0;
 bool comp = false;
 size_t pos = 0;
 char buf[256];
- uint32_t i = 0;
 if (!mb || !name)
 return EINVAL;
- while (mbuf_get_left(mb)) {
+ while (mb->pos < mb->end) {
 uint8_t len = mb->buf[mb->pos++];
 if (!len) {
@@ -168,6 +169,9 @@ int dns_dname_decode(struct mbuf *mb, char **name, size_t start)
 else if ((len & COMP_MASK) == COMP_MASK) {
 uint16_t offset;
+ if (loopc++ > COMP_LOOP)
+ break;
+
 --mb->pos;
 offset = ntohs(mbuf_read_u16(mb)) & OFFSET_MASK;
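Review bot: The new loop condition `mb->pos < mb->end` in dns_dname_decode replaces `mbuf_get_left(mb)` with no comment, and the commit message does not say why. The condition is the only visible bound on the index used by `mb->buf[mb->pos++]` on the next line, so its intent should be written down, for example `/* bound the index used by mb->buf[mb->pos++] below */` above the `while`. `loopc` is declared alongside `i` with nothing saying what it counts; a short comment such as `/* number of compression pointers followed so far */` would help. The function body continues outside the hunk.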
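Review bot: The compression branch still reads two bytes without checking that two are left: after `--mb->pos;` the call `mbuf_read_u16(mb)` needs the marker byte plus one more, but the loop condition only guarantees one, so a name whose final buffer byte is a compression marker reaches the read one byte short. Whether mbuf_read_u16() checks bounds itself is not visible here; unless it does, add `if (mbuf_get_left(mb) < 2) break;` right after the decrement. Separately, `loopc++ > COMP_LOOP` follows 256 pointers before breaking; `if (++loopc > COMP_LOOP)` makes the limit equal the constant, and `#define COMP_LOOP 255` in the first hunk deserves a comment saying it is the maximum number of compression pointers followed per name. The branch continues past the end of the hunk.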