Subject: Fix for ares_expand_name().

From: William Ahern <william_at_25thandclement.com>
Date: 2005-06-02

I'm not quite sure how this was happening, but I've been seeing PTR queries
which seem to return empty responses. At least, they were empty when calling
ares_expand_name() on the record. Here's a patch which guarantees to
NUL-terminate the expanded name. The old behavior failed to NUL-terminate if
len was 0, and this was causing strlen() to run past the end of the buffer
after calling ares_expand_name() and getting ARES_SUCCESS as the return
value. If q is not greater than *s then it's equal and *s is always
allocated with at least one byte.

--- c-ares1/ares_expand_name.c 2005/06/01 23:33:19 7804
+++ c-ares1/ares_expand_name.c 2005/06/01 23:37:30 7806
@@ -103,6 +103,8 @@
   /* Nuke the trailing period if we wrote one. */
   if (q > *s)
     *(q - 1) = 0;
+ else
+ *q = 0;
 
   return ARES_SUCCESS;
 }
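Review bot: the new else branch at the end of the hunk has no comment, and the existing comment above it ("Nuke the trailing period if we wrote one") now covers only the if side. Suggest a short comment on the else stating that it is the empty-name case (q == *s) and that writing *q = 0 relies on *s having at least one byte allocated. That allocation is not visible in this hunk, so it is worth confirming in the allocation path that a name with len 0 still gets a one-byte buffer, since the write is only in bounds if it does.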

_______________________________________________
http://cool.haxx.se/mailman/listinfo/c-ares
Received on Thu Jun 2 01:53:25 2005
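The zero-length case described in the message above, as an added example that is not part of the original post and not c-ares code: a simplified expander for uncompressed names only, showing why the empty (root) name needs its own terminating write. The names `expand_name`, `name_length` and the `EX_*` codes are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not c-ares constants). */
enum { EX_OK = 0, EX_BADNAME = 1, EX_NOMEM = 2 };

/* Length of the dotted form of an uncompressed encoded name, or -1 if
 * the encoding is malformed. The root name (a single 0 byte) gives 0. */
static long name_length(const unsigned char *enc, size_t alen)
{
  size_t i = 0;
  long n = 0;
  if (alen == 0)
    return -1;
  while (enc[i] != 0) {
    /* Label must be <= 63 bytes and leave room for the next length byte. */
    if (enc[i] > 63 || i + 1 + enc[i] >= alen)
      return -1;
    n += enc[i] + 1;            /* label plus its trailing '.' */
    i += 1 + (size_t)enc[i];
  }
  return n ? n - 1 : 0;         /* the last '.' is not kept */
}

/* Expand enc into a newly allocated, always NUL-terminated string. */
int expand_name(const unsigned char *enc, size_t alen, char **s)
{
  long len = name_length(enc, alen);
  size_t i = 0;
  char *q;

  if (len < 0)
    return EX_BADNAME;
  *s = malloc((size_t)len + 1); /* at least one byte, even when len == 0 */
  if (*s == NULL)
    return EX_NOMEM;
  q = *s;
  while (enc[i] != 0) {
    memcpy(q, enc + i + 1, enc[i]);
    q += enc[i];
    *q++ = '.';
    i += 1 + (size_t)enc[i];
  }
  if (q > *s)
    *(q - 1) = 0;               /* replace the trailing '.' */
  else
    *q = 0;                     /* empty name: nothing written, terminate here */
  return EX_OK;
}
```

Without the final else, the one byte returned for the root name is whatever malloc() handed back, so a caller's strlen() reads uninitialized memory and may run past the buffer.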