From: guy
Date: Fri, 19 Oct 2001 09:00:48 +0000 (+0000)
Subject: Get rid of a null-pointer dereference when dissecting DNS requests with
X-Git-Tag: tcpdump-3.7.1~57
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/8df5006c286a807e514ab0f0a5e68332a8034787?ds=sidebyside
Get rid of a null-pointer dereference when dissecting DNS requests with a query count of 0 (no, such a request makes no sense, but that's what tcpdump thought it saw in one DNS-over-TCP capture).
---
diff --git a/print-domain.c b/print-domain.c
index 2e73a8e5..b8ff06b8 100644
--- a/print-domain.c
+++ b/print-domain.c
@@ -21,7 +21,7 @@
 #ifndef lint
 static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.77 2001-09-17 21:58:00 fenner Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-domain.c,v 1.78 2001-10-19 09:00:48 guy Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
@@ -508,7 +508,7 @@ ns_print(register const u_char *bp, u_int length)
 {
 register const HEADER *np;
 register int qdcount, ancount, nscount, arcount;
- register const u_char *cp = NULL;
+ register const u_char *cp;
 np = (const HEADER *)bp;
 TCHECK(*np);
@@ -538,12 +538,10 @@ ns_print(register const u_char *bp, u_int length)
 putchar(',');
 if (vflag > 1) {
 fputs(" q:", stdout);
- if ((cp = ns_qprint((const u_char *)(np + 1), bp))
- == NULL)
+ if ((cp = ns_qprint(cp, bp)) == NULL)
 goto trunc;
 } else {
- if ((cp = ns_nskip((const u_char *)(np + 1), bp))
- == NULL)
+ if ((cp = ns_nskip(cp, bp)) == NULL)
 goto trunc;
 cp += 4; /* skip QTYPE and QCLASS */
 }
@@ -615,9 +613,9 @@ ns_print(register const u_char *bp, u_int length)
 if (arcount)
 printf(" [%dau]", arcount);
+ cp = (const u_char *)(np + 1);
 if (qdcount--) {
- cp = ns_qprint((const u_char *)(np + 1),
- (const u_char *)np);
+ cp = ns_qprint(cp, (const u_char *)np);
 if (!cp)
 goto trunc;
 while (cp < snapend && qdcount--) {
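Review bot: Dropping the `= NULL` initializer in the -508 hunk leaves `cp` indeterminate until some path assigns it, and the -538 hunk (the branch with `fputs(" q:", stdout)`) now passes `cp` straight into `ns_qprint(cp, bp)` and `ns_nskip(cp, bp)` with no assignment visible in that hunk. If `cp = (const u_char *)(np + 1);` does not already sit above that code, outside the shown context, the change trades a NULL dereference for a read of an uninitialized pointer while parsing packet data. The -615 hunk adds exactly that line for its branch, and the -538 branch needs the same guarantee. ns_print starts and ends outside these hunks, so this has to be confirmed against the full function.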
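Review bot: The unconditional `cp = (const u_char *)(np + 1);` added before `if (qdcount--)` in the -615 hunk is what carries the fix, but nothing at that line says so, and a later cleanup could easily fold it back into the `if`. A comment such as `/* set cp even when qdcount is 0: code after this block still uses it */` would record the reason; that later use is outside the hunk, so check the wording against the rest of ns_print. It is also worth confirming that the code following this block checks `cp` against `snapend` before reading, since with a zero question count `cp` now points just past the header without having gone through `ns_qprint`.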