Browse code

core: dns cache - safety checks for rdata field

Daniel-Constantin Mierla authored on 08/04/2021 09:37:08
Showing 1 changed files
... ...
@@ -4012,7 +4012,7 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4012 4012
 	size = e->total_size;
4013 4013
 	if (rdata_size) {
4014 4014
 		/* we have to extend the entry */
4015
-		rounded_size = ROUND_POINTER(size); /* size may not have been 
4015
+		rounded_size = ROUND_POINTER(size); /* size may not have been
4016 4016
 												rounded previously */
4017 4017
 		switch (e->type) {
4018 4018
 			case T_A:
... ...
@@ -4064,7 +4064,7 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4064 4064
 	/* fix the pointers inside the rr structures */
4065 4065
 	last_rr = NULL;
4066 4066
 	for (rr=new->rr_lst; rr; rr=rr->next) {
4067
-		rr->rdata = (void*)translate_pointer((char*)new, (char*)e, 
4067
+		rr->rdata = (void*)translate_pointer((char*)new, (char*)e,
4068 4068
 												(char*)rr->rdata);
4069 4069
 		if (rr->next)
4070 4070
 			rr->next = (struct dns_rr*)translate_pointer((char*)new, (char*)e,
... ...
@@ -4074,6 +4074,10 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4074 4074
 
4075 4075
 		switch(e->type){
4076 4076
 			case T_NAPTR:
4077
+				if(rr->rdata==NULL) {
4078
+					LM_WARN("null rdata filed for type: %u\n", e->type);
4079
+					break;
4080
+				}
4077 4081
 				/* there are pointers inside the NAPTR rdata stucture */
4078 4082
 				((struct naptr_rdata*)rr->rdata)->flags =
4079 4083
 					translate_pointer((char*)new, (char*)e,
... ...
@@ -4092,6 +4096,10 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4092 4096
 						((struct naptr_rdata*)rr->rdata)->repl);
4093 4097
 				break;
4094 4098
 			case T_TXT:
4099
+				if(rr->rdata==NULL) {
4100
+					LM_WARN("null rdata filed for type: %u\n", e->type);
4101
+					break;
4102
+				}
4095 4103
 				/* there are pointers inside the TXT structure */
4096 4104
 				for (i=0; i<((struct txt_rdata*)rr->rdata)->cstr_no; i++){
4097 4105
 					((struct txt_rdata*)rr->rdata)->txt[i].cstr=
... ...
@@ -4100,6 +4108,10 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4100 4108
 				}
4101 4109
 				break;
4102 4110
 			case T_EBL:
4111
+				if(rr->rdata==NULL) {
4112
+					LM_WARN("null rdata filed for type: %u\n", e->type);
4113
+					break;
4114
+				}
4103 4115
 				/* there are pointers inside the EBL structure */
4104 4116
 				((struct ebl_rdata*)rr->rdata)->separator =
4105 4117
 					translate_pointer((char*)new, (char*)e,
... ...
@@ -4140,7 +4152,7 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
4140 4152
  * If there is an existing record with the same name and value
4141 4153
  * (ip address in case of A/AAAA record, name in case of SRV record)
4142 4154
  * only the remaining fields are updated.
4143
- * 
4155
+ *
4144 4156
  * Note that permanent records cannot be overwritten unless
4145 4157
  * the new record is also permanent. A permanent record
4146 4158
  * completely replaces a non-permanent one.