mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-24 02:23:27 +08:00
3a76fd7c95
This is what BIND 9.11.0-P2 does; it not only detects pointers that loop, as "point backwards" means "point before anything we've processed so far, including what we're processing right now", so the pointer can't point to itself (as that's what we're processing right now). This fixes an infinite loop discovered by Forcepoint's security researchers Otto Airamo & Antti Levomäki. Add a test using the capture file supplied by the reporter(s). Also, add some infinite-pointer-loop captures. More checks should be done. We might, for example, want to make sure the upper 2 bits of the label length/pointer byte are 00 or 11, and that if we encounter a pointer and jump backwards to what we think is a label the label ends before the beginning of the last label we processed, to make sure the pointer doesn't point backwards into the *middle* of a label, and also make sure the entire name is <= 255 bytes long.
117 B
117 B