On Sat, Oct 30, 2010 at 05:28:42PM +0200, Gilles Chehade wrote:
> It was a typo indeed, tarball has been updated and also contains a fix for
> a crash experienced by todd@ when using "relay via"
>
> Gilles

I had a look at the pack.c file where the DNS compression is being handled.
It looks good to me. But I have one concern that needs to be confirmed.

In function dname_expand() on lines:

    54  ptr = 256 * (n & ~0xc0) + data[offset + 1];
    55  if (ptr >= offset)
    56          return (-1);

The pointer is checked against offset meaning that a compression loop can't
occur. This is good. However what happens if you have a DNS reply packet with
a name with two labels in it, one being a normal label of a name and the
second being a compression pointer that points back to the first label, kinda
like so..

    [8]centroid[C0 back to 8]

I'm worried it might go into an infinite loop or crash even. Perhaps it should
check that it cannot go back to a label inside a dns name that is being parsed.

Otherwise rockin' code! I don't understand it all but the little I do it looks
really high quality!

-peter
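
The case raised in the message above can be tried on a constructed packet. This is an added example, not part of the original mail and not code from pack.c: `walk_name`, `MAX_HOPS` and the `strict` switch are hypothetical names, and both packets are made up for the test. It compares a pointer check against the pointer's own position with a check against the start of the label run currently being parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_HOPS 64   /* demo-only budget so the looping case terminates */

/* Constructed packets: 12-byte header, then the name data at offset 12. */
static const uint8_t loop_pkt[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    8,'c','e','n','t','r','o','i','d', 0xc0,0x0c };   /* pointer -> 12 */
static const uint8_t good_pkt[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    3,'c','o','m',0,                                   /* offsets 12..16 */
    8,'c','e','n','t','r','o','i','d', 0xc0,0x0c };   /* offsets 17..27 */

/* strict == 0: a pointer must be below its own position (ptr >= offset).
 * strict == 1: it must be below the start of the label run being parsed.
 * Returns pointers followed, -1 if rejected, -2 if MAX_HOPS ran out. */
static int walk_name(const uint8_t *data, size_t len, size_t offset, int strict)
{
    size_t start = offset, ptr;
    int hops = 0;
    while (offset < len) {
        uint8_t n = data[offset];
        if (n == 0)
            return hops;                      /* root label ends the name */
        if ((n & 0xc0) == 0xc0) {
            if (offset + 2 > len)
                return -1;
            ptr = 256 * (size_t)(n & 0x3f) + data[offset + 1];
            if (ptr >= (strict ? start : offset))
                return -1;
            if (++hops > MAX_HOPS)
                return -2;                    /* walk would never end */
            offset = start = ptr;             /* continue at the target */
            continue;
        }
        if ((n & 0xc0) != 0 || offset + 1 + n > len)
            return -1;                        /* reserved type or overrun */
        offset += 1 + n;
    }
    return -1;                                /* no terminating root label */
}

int main(void)
{
    printf("loop: %d %d\n", walk_name(loop_pkt, sizeof loop_pkt, 12, 0),
        walk_name(loop_pkt, sizeof loop_pkt, 12, 1));
    printf("good: %d %d\n", walk_name(good_pkt, sizeof good_pkt, 17, 0),
        walk_name(good_pkt, sizeof good_pkt, 17, 1));
    return 0;
}
```
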