DNS: more hardening against crafted responses

[exim.git] / src / src / host.c

diff --git a/src/src/host.c b/src/src/host.c
index e274673a0fe100d6354594db288ebac2161c56f6..ce7ca2bab1098d6f5167cd485dd46c42d0451163 100644 (file)
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -628,6 +628,8 @@ else
   if (sender_ident)
     g = string_fmt_append(g, " U=%s", sender_ident);
   }
+if (LOGGING(connection_id))
+  g = string_fmt_append(g, " Ci=%lu", connection_id);
 gstring_release_unused(g);
 return string_from_gstring(g);
 }
@@ -2723,6 +2725,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
   const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
   uschar data[256];
 
+  if (rr_bad_size(rr, sizeof(uint16_t))) continue;
   GETSHORT(precedence, s);      /* Pointer s is advanced */
 
   /* For MX records, we use a random "weight" which causes multiple records of
@@ -2735,6 +2738,8 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
     /* SRV records are specified with a port and a weight. The weight is used
     in a special algorithm. However, to start with, we just use it to order the
     records of equal priority (precedence). */
+
+    if (rr_bad_increment(rr, s, 2 * sizeof(uint16_t))) continue;
     GETSHORT(weight, s);
     GETSHORT(port, s);
     }