On Tue, 12 Nov 2019, Niall.oReilly+lists--- via curl-library wrote:

The very long name (`const char *bad = "this.is.` _et seq_.) is invalid according to RFCs 1034 and 1035 both because it is too long and because it contains embedded zero-length labels (which are represented by consecutive dots). A strict encoder should reject it early, and so frustrate the attempt to force a buffer overflow.

Ah! We should probably A) fix that and refuse such names with zero labels and B) update the used host names in the test...

A validly encoded pure (without EDNS) single query must fit in 272 (12 + 256 + 4) octets, which is well below the buffer size of 512 provided in `struct dnsprobe`.

Then maybe that's an additional fix if we have no other reason for a larger buffer!

--

 / daniel.haxx.se | Get the best commercial curl support there is - from me
                  | Private help, bug fixes, support, ports, new features
                  | https://www.wolfssl.com/contact/
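
The strict encoding discussed in this message, as an added example that is not part of the original mail and is not curl's own code: a query encoder that refuses zero-length labels, labels over 63 octets and over-long names before writing anything. `encode_query` and the `DNS_*` constants are hypothetical names; the name limit enforced is the 255 octets of RFC 1035, so every accepted query stays within the 272-octet bound quoted above.

```c
#include <stddef.h>
#include <string.h>

#define DNS_HEADER_LEN 12   /* fixed DNS header */
#define DNS_MAX_LABEL  63   /* RFC 1035 limit per label */
#define DNS_MAX_NAME   255  /* RFC 1035 limit on the encoded name */
#define DNS_QTAIL_LEN  4    /* QTYPE + QCLASS */

/* Hypothetical helper, not curl's API: encode one query for `host` into
   `out`. Returns octets written, or 0 when the name is invalid or the
   buffer is too small. The root name "." is rejected as well. */
size_t encode_query(const char *host, unsigned short qtype,
                    unsigned char *out, size_t outlen)
{
  size_t hlen = strlen(host);
  size_t pos = DNS_HEADER_LEN;
  const char *p = host;
  const char *end;

  if(hlen && host[hlen - 1] == '.')
    hlen--;                               /* accept one trailing dot */
  if(!hlen || host[hlen - 1] == '.')
    return 0;                             /* empty name or empty last label */
  if(hlen + 2 > DNS_MAX_NAME)             /* + first length octet + root */
    return 0;
  if(outlen < DNS_HEADER_LEN + hlen + 2 + DNS_QTAIL_LEN)
    return 0;                             /* checked before any write */

  memset(out, 0, DNS_HEADER_LEN);
  out[2] = 0x01;                          /* RD flag */
  out[5] = 1;                             /* QDCOUNT = 1 */
  end = host + hlen;
  while(p < end) {
    const char *dot = memchr(p, '.', (size_t)(end - p));
    size_t len = dot ? (size_t)(dot - p) : (size_t)(end - p);
    if(!len || len > DNS_MAX_LABEL)
      return 0;                           /* zero-length or oversized label */
    out[pos++] = (unsigned char)len;
    memcpy(&out[pos], p, len);
    pos += len;
    p += len + (dot ? 1 : 0);
  }
  out[pos++] = 0;                         /* root label ends the name */
  out[pos++] = (unsigned char)(qtype >> 8);
  out[pos++] = (unsigned char)(qtype & 0xff);
  out[pos++] = 0;
  out[pos++] = 1;                         /* QCLASS IN */
  return pos;
}
```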