summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2019-09-13 11:00:58 +0200
committerDaniel Stenberg <daniel@haxx.se>2019-09-13 11:00:58 +0200
commit15312171b540d6b65edf5e83ad4cfcd3da4ec4e9 (patch)
treeceb1293dcfa87eaca06d950547913774207aa8d7
parent1ca91bcdb588dc6c25d345f2411fdba314433732 (diff)
downloadcurl-bagder/doh-encode-size.tar.gz
doh: fix off-by-one error in size check for doh_encode()bagder/doh-encode-size
When building the outgoing DNS packet, we typically need one byte more than the length of the host name since each "label" needs a single byte length. "a.b" needs four bytes. This would previously lead to a single byte overwrite of the given input host name was exactly 240 bytes, but the overwritten data is the length variable that gets updated immediately afterwards, making the net result that it only made a broken DNS packet. Inspired-by: Paul Dreik
-rw-r--r--lib/doh.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/doh.c b/lib/doh.c
index 6d1f3303b..80cd9ac26 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -84,7 +84,7 @@ UNITTEST DOHcode doh_encode(const char *host,
unsigned char *orig = dnsp;
const char *hostp = host;
- if(len < (12 + hostlen + 4))
+ if(len <= (12 + hostlen + 4))
return DOH_TOO_SMALL_BUFFER;
*dnsp++ = 0; /* 16 bit id */