From 50346b1d0fcd69a0be37fc5dfd2f5ec65ae58c28 Mon Sep 17 00:00:00 2001
From: Jonas Gunz <himself@jonasgunz.de>
Date: Tue, 21 Sep 2021 23:45:30 +0200
Subject: Fix false-positive out of bounds in dns.c

---
 src/dns.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/dns.c b/src/dns.c
index 95baf56..05718c5 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -163,10 +163,10 @@ int dns_parse_packet ( char* _buffer, int _bufflen, dns_message_t* _msg )
 	qsize = sizeof(*(_msg->question)) * (unsigned)_msg->question_count;
 	_msg->question_count = _msg->header.question_count;
 	_msg->question = malloc ( qsize );
-	memset( _msg->question, 0, qsize );
 
 	if (!_msg->question) /* malloc failed */
 		return 1;
+	memset( _msg->question, 0, qsize );
 
 	ptr = 12; /* byte counter */
 
@@ -181,7 +181,8 @@ int dns_parse_packet ( char* _buffer, int _bufflen, dns_message_t* _msg )
 		_msg->question[i].qname_len = qname_len;
 		ptr += qname_len;
 
-		if( ptr >= (_bufflen - 4) ) /* Out of bounds check */
+		/* TODO this is fishy. should be 4, only works with 3 */
+		if( ptr >= (_bufflen - 3) ) /* Out of bounds check */
 			return 1;
 
 		_msg->question[i].qtype = (uint16_t)((uint8_t)*(_buffer + ptr) << 8) | ((uint8_t)*(_buffer + ptr + 1));
@@ -295,7 +296,6 @@ int qname_check( char* _source, int _sourcelen )
 	int next_dot = 0;
 	int i = 0;
 
-	/* TODO Bounds checking!! */
 	if (!_sourcelen)
 		return -1;
 
-- 
cgit v1.2.3