doh: fix off-by-one error in size check for doh_encode()bagder/doh-encode-size

When building the outgoing DNS packet, we typically need one byte more than the length of the host name since each "label" needs a single byte length. "a.b" needs four bytes. This would previously lead to a single byte overwrite of the given input host name was exactly 240 bytes, but the overwritten data is the length variable that gets updated immediately afterwards, making the net result that it only made a broken DNS packet. Inspired-by: Paul Dreik
author: Daniel Stenberg <daniel@haxx.se> 2019-09-13 11:00:58 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2019-09-13 11:00:58 +0200
commit: 15312171b540d6b65edf5e83ad4cfcd3da4ec4e9 (patch)
tree: ceb1293dcfa87eaca06d950547913774207aa8d7
parent: 1ca91bcdb588dc6c25d345f2411fdba314433732 (diff)
download: curl-bagder/doh-encode-size.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/doh.c b/lib/doh.c
index 6d1f3303b..80cd9ac26 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -84,7 +84,7 @@ UNITTEST DOHcode doh_encode(const char *host,
   unsigned char *orig = dnsp;
   const char *hostp = host;
 
-  if(len < (12 + hostlen + 4))
+  if(len <= (12 + hostlen + 4))
     return DOH_TOO_SMALL_BUFFER;
 
   *dnsp++ = 0; /* 16 bit id */
author	Daniel Stenberg <daniel@haxx.se>	2019-09-13 11:00:58 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2019-09-13 11:00:58 +0200
commit	15312171b540d6b65edf5e83ad4cfcd3da4ec4e9 (patch)
tree	ceb1293dcfa87eaca06d950547913774207aa8d7
parent	1ca91bcdb588dc6c25d345f2411fdba314433732 (diff)
download	curl-bagder/doh-encode-size.tar.gz