I'm not quite sure how this was happening, but I've been seeing PTR queries
which seem to return empty responses. At least, they were empty when calling
ares_expand_name() on the record. Here's a patch which guarantees to
NUL-terminate the expanded name. The old behavior failed to NUL-terminate if
len was 0, and this was causing strlen() to run past the end of the buffer
after calling ares_expand_name() and getting ARES_SUCCESS as the return
value. If q is not greater than *s then it's equal and *s is always
allocated with at least one byte.
--- c-ares1/ares_expand_name.c 2005/06/01 23:33:19 7804
+++ c-ares1/ares_expand_name.c 2005/06/01 23:37:30 7806
@@ -103,6 +103,8 @@
/* Nuke the trailing period if we wrote one. */
if (q > *s)
*(q - 1) = 0;
+ else
+ *q = 0;
return ARES_SUCCESS;
}
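Review bot: The new else branch (`*q = 0;`) is only safe if the buffer at *s holds at least one byte whenever q == *s. The message asserts that, but nothing in this hunk shows the allocation, so a one-line comment at the else recording the invariant would keep a later change to the allocation size from turning this into an out-of-bounds write. The existing comment "Nuke the trailing period if we wrote one" also no longer covers both branches; consider extending it to say that an empty name is terminated explicitly.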
_______________________________________________
http://cool.haxx.se/mailman/listinfo/c-ares
Received on Thu Jun 2 01:53:25 2005
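The failure mode described in the message, as an added example that is not c-ares code and not part of the original post: a simplified expander for uncompressed names whose tail can run with or without the patch's else branch. The names `expand_simple` and `yields` are hypothetical, the inputs are constructed, and the `'X'` fill is an assumption standing in for stale heap contents.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified expander for uncompressed DNS names (hypothetical, not c-ares).
 * patched=0 models the old tail, patched=1 the tail with the else branch. */
static int expand_simple(const unsigned char *enc, size_t enclen,
                         char **s, int patched)
{
    size_t i = 0, total = 0, alloc;
    char *q;

    /* Pass 1: validate label lengths and size the output. */
    while (i < enclen && enc[i] != 0) {
        size_t l = enc[i];
        if (l > 63 || i + 1 + l >= enclen)
            return -1;               /* label runs past the input */
        total += l + 1;              /* label bytes plus '.' */
        i += 1 + l;
    }
    if (i >= enclen) return -1;      /* missing root label */
    alloc = total ? total : 1;       /* at least one byte, as the post says */
    *s = malloc(alloc);
    if (*s == NULL) return -1;
    memset(*s, 'X', alloc);          /* poison: stands in for stale heap data */
    q = *s;
    /* Pass 2: copy each label followed by a period. */
    for (i = 0; enc[i] != 0; i += 1 + (size_t)enc[i]) {
        memcpy(q, enc + i + 1, enc[i]);
        q += enc[i];
        *q++ = '.';
    }
    if (q > *s)
        *(q - 1) = 0;                /* nuke the trailing period */
    else if (patched)
        *q = 0;                      /* empty name: terminate explicitly */
    return 0;
}

/* Expand enc and compare the first n output bytes against want. */
static int yields(const unsigned char *enc, size_t len, int patched,
                  const char *want, size_t n)
{
    char *s = NULL;
    int ok;
    if (expand_simple(enc, len, &s, patched) != 0) return 0;
    ok = memcmp(s, want, n) == 0;
    free(s);
    return ok;
}
```

With `patched` set to 0, the root name (a single zero byte) returns success while the first output byte is still the poison value, which is the state in which a caller's strlen() reads past the allocation.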