Closed yuuki-w closed 4 years ago
When a WKS record has services which port number is over 65528, ldns_rdf2buffer_str_wks never return.
In host2str.c:841 (in 1.7.1)
822 uint16_t current_service; // ... 840 for (current_service = 0; 841 current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) {
In this case, (ldns_rdf_size(rdf)-1)* 8 is 65536 but the variable current_service is uint16_t so overflows after checking port 65535, the condition never become false.
(ldns_rdf_size(rdf)-1)* 8
current_service
Perfect. Thanks!
I mean good catch :). The perfect is for PR #96
When a WKS record has services which port number is over 65528, ldns_rdf2buffer_str_wks never return.
In host2str.c:841 (in 1.7.1)
In this case,
(ldns_rdf_size(rdf)-1)* 8
is 65536 but the variablecurrent_service
is uint16_t so overflows after checking port 65535, the condition never become false.