fix potential infinite looping of resolver

In case a pointer to itself was received, the resolver looped inifinitely
until the stack overflows.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
This commit is contained in:
Steffen Jaeckel
2022-03-06 18:47:48 +01:00
parent 1406198087
commit 870f2174d5
2 changed files with 4 additions and 0 deletions

View File

@@ -1,4 +1,5 @@
0.12.0
- Fix potential infinite loop in resolver (#200)
- Add code coverage support
- New API:
- xmpp_stanza_get_child_by_path()

View File

@@ -321,6 +321,9 @@ static unsigned message_name_get(const unsigned char *buf,
if (i >= buf_len)
return 0;
pointer = (label_len & 0x3f) << 8 | buf[i++];
/* Prevent infinite looping */
if (pointer == buf_offset)
return 0;
if (name != NULL && name_len >= name_max && name_max > 0) {
/* We have filled the name buffer. Don't pass it recursively. */
name[name_max - 1] = '\0';