The previous code used GET_W twice on two int variables, for no
explicable reason. The top of these int variables was shifted left by
16, giving a 32-bit signed value. The fields in adns_rr_soa are
unsigned long. On a 64-bit machine, the 32-bit signed value is
implicitly sign extended. This is entirely wrong.

Found by AFL 2.35b.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

adns_rr_soa *rrp= datap;
const byte *dgram= pai->dgram;
adns_status st;
- int msw, lsw, i;
+ int i;
st= pap_domain(pai, &cbyte, max, &rrp->mname,
pai->qu->flags & adns_qf_quoteok_anshost ? pdf_quoteok : 0);
if (cbyte+20 != max) return adns_s_invaliddata;
for (i=0; i<5; i++) {
- GET_W(cbyte,msw);
- GET_W(cbyte,lsw);
- (&rrp->serial)[i]= (msw<<16) | lsw;
+ unsigned long v;
+ (&rrp->serial)[i]= GET_L(cbyte, v);
}
return adns_s_ok;
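
Review bot: The store `(&rrp->serial)[i]= GET_L(cbyte, v);` in the loop still indexes past `serial`, treating five fields of adns_rr_soa as an array of unsigned long. That only holds while those fields stay adjacent, in wire order and of the same type. Assigning each field by name, or putting a compile-time layout check next to the loop, would make that dependency explicit instead of silent. The `cbyte+20 != max` test above the loop is what bounds the five reads, so a short comment tying the 20 to five 4-byte values would help the next reader. The definition of GET_L is not visible in this hunk: since `v` is unsigned long and the macro's result is assigned directly, please confirm it assembles the bytes in an unsigned type, so that no intermediate can be sign extended on a 64-bit machine the way `(msw<<16) | lsw` was.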