fix potential infinite looping of resolver
In case a pointer to itself was received, the resolver looped inifinitely until the stack overflows. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
This commit is contained in:
@@ -1,4 +1,5 @@
|
||||
0.12.0
|
||||
- Fix potential infinite loop in resolver (#200)
|
||||
- Add code coverage support
|
||||
- New API:
|
||||
- xmpp_stanza_get_child_by_path()
|
||||
|
||||
@@ -321,6 +321,9 @@ static unsigned message_name_get(const unsigned char *buf,
|
||||
if (i >= buf_len)
|
||||
return 0;
|
||||
pointer = (label_len & 0x3f) << 8 | buf[i++];
|
||||
/* Prevent infinite looping */
|
||||
if (pointer == buf_offset)
|
||||
return 0;
|
||||
if (name != NULL && name_len >= name_max && name_max > 0) {
|
||||
/* We have filled the name buffer. Don't pass it recursively. */
|
||||
name[name_max - 1] = '\0';
|
||||
|
||||
Reference in New Issue
Block a user