guard more carefully against integer overflows

diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index edb3d5231495b0bb47a88f87e70b4280061e7086..b665163633490c6cbafc0a5f60bf6550a44bb577 100644 (file)
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -1654,6 +1654,8 @@ recursive_gns2dns_resolution (struct GNS_ResolverHandle *rh,
     size_t off;
     struct Gns2DnsPending *gp;
     struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+    struct sockaddr_in v4;
+    struct sockaddr_in6 v6;
 
     if (GNUNET_GNSRECORD_TYPE_GNS2DNS != rd[i].record_type)
       continue;
@@ -1695,10 +1697,16 @@ recursive_gns2dns_resolution (struct GNS_ResolverHandle *rh,
     }
 
     /* check if 'ip' is already an IPv4/IPv6 address */
-    if (GNUNET_OK ==
-        GNUNET_DNSSTUB_add_dns_ip (ac->authority_info.dns_authority.dns_handle,
-                                   ip))
+    if ( (1 == inet_pton (AF_INET,
+                          ip,
+                          &v4)) ||
+         (1 == inet_pton (AF_INET6,
+                          ip,
+                          &v6)) )
     {
+      GNUNET_break (GNUNET_OK ==
+                    GNUNET_DNSSTUB_add_dns_ip (ac->authority_info.dns_authority.dns_handle,
+                                               ip));
       ac->authority_info.dns_authority.found = GNUNET_YES;
       GNUNET_free (ip);
       continue;

diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c
index 1db27464fd2ec344f7ec4792c93d53720353f7dc..6164fa3db1733c72413e617bee676f3f16987ecc 100644 (file)
--- a/src/gnsrecord/gnsrecord_serialization.c
+++ b/src/gnsrecord/gnsrecord_serialization.c
@@ -126,7 +126,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count,
     rec.data_size = htonl ((uint32_t) rd[i].data_size);
     rec.record_type = htonl (rd[i].record_type);
     rec.flags = htonl (rd[i].flags);
-    if (off + sizeof (rec) > dest_size)
+    if ( (off + sizeof (rec) > dest_size) ||
+         (off + sizeof (rec) < off) )
     {
       GNUNET_break (0);
       return -1;
@@ -135,7 +136,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count,
                    &rec,
                    sizeof (rec));
     off += sizeof (rec);
-    if (off + rd[i].data_size > dest_size)
+    if ( (off + rd[i].data_size > dest_size) ||
+         (off + rd[i].data_size < off) )
     {
       GNUNET_break (0);
       return -1;
@@ -185,7 +187,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len,
   off = 0;
   for (unsigned int i=0;i<rd_count;i++)
   {
-    if (off + sizeof (rec) > len)
+    if ( (off + sizeof (rec) > len) ||
+         (off + sizeof (rec) < off) )
     {
       GNUNET_break_op (0);
       return GNUNET_SYSERR;
@@ -198,7 +201,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len,
     dest[i].record_type = ntohl (rec.record_type);
     dest[i].flags = ntohl (rec.flags);
     off += sizeof (rec);
-    if (off + dest[i].data_size > len)
+    if ( (off + dest[i].data_size > len) ||
+         (off + dest[i].data_size < off) )
     {
       GNUNET_break_op (0);
       return GNUNET_SYSERR;