# This is a BitKeeper generated patch for the following project:
# Project Name: DNS Relay 2.10
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.3 -> 1.4
# src/common.c 1.2 -> 1.3
# src/dns.c 1.1 -> 1.2
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/03/21 divert@adonix.(none) 1.4
# seems to fix the problems described at http://www.securiteam.com/unixfocus/5DP0P0U61G.html
# --------------------------------------------
#
diff -Nru a/src/common.c b/src/common.c
--- a/src/common.c Thu Mar 21 19:22:12 2002
+++ b/src/common.c Thu Mar 21 19:22:12 2002
@@ -239,6 +239,7 @@
 void sprintf_cname(const char *cname, char *buf, int bufsize)
 {
 const char *cptr = cname;
+ int c = 0;
 if (strlen(cname) > (unsigned)bufsize) {
 if (bufsize > 10) {
@@ -250,14 +251,19 @@
 return;
 }
- while (*cptr) {
+ while (*cptr && c < bufsize) {
 int i;
 int size = *cptr;
- if (cptr++ != cname) sprintf(buf++, ".");
+ if (cptr++ != cname)
+ {
+ c++;
+ sprintf(buf++, ".");
+ }
- for(i = 0; i < size; i++, cptr++) {
- sprintf(buf++, "%c", *cptr);
+ for(i = 0; i < size && i < bufsize; i++, cptr++) {
+ c++;
+ sprintf(buf++, "%c", *cptr);
 }
 }
 }
diff -Nru a/src/dns.c b/src/dns.c
--- a/src/dns.c Thu Mar 21 19:22:12 2002
+++ b/src/dns.c Thu Mar 21 19:22:12 2002
@@ -123,6 +123,11 @@
 unsigned char *p;
 offset = ((len & ~0xc0) << 8) + **here;
+ /* should actually check against maxsize */
+ if (offset < 0 || offset > 516)
+ return k;
+ p = &msg[offset];
 k = get_objectname(msg, &p, string, k);
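Review bot: In `sprintf_cname` (src/common.c, second hunk) the inner copy loop is bounded by `i < bufsize`, but `i` restarts at zero for every label, so the running total `c` can still pass `bufsize` once the outer test has been satisfied at the start of a long label. Each `sprintf` also stores a terminating NUL one byte beyond the character it writes, so the limit has to leave room for that byte. I would change the two conditions to `while (*cptr && c < bufsize - 1) {` and `for (i = 0; i < size && c < bufsize - 1 && *cptr; i++, cptr++) {`; the added `*cptr` test keeps a length byte larger than the remaining input from walking `cptr` past the terminator. `int size = *cptr;` reads a plain `char`, which is negative for length bytes of 0x80 and above where `char` is signed, so a cast to `unsigned char` there is worth considering as well.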
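Review bot: The limit `516` in the added check in src/dns.c is a fixed constant, not the length of the message that was actually received, which the added comment already concedes; a compression offset that points past the end of a short packet but below 516 is still accepted, and `offset > 516` lets index 516 through, which is out of bounds if the buffer holds exactly 516 bytes (its declaration is not in the hunk). Passing the received length down and testing `if (offset >= msglen) return k;` would tie the check to real data (`msglen` is a placeholder name, not an identifier from this file). The recursive `get_objectname(msg, &p, string, k)` call that follows still accepts any in-range offset, so a pointer that refers to itself or to a later position is not stopped here; requiring the target to lie before the current position, or counting hops, would bound the recursion. The enclosing function starts and ends outside the hunk, so the type of `offset` (which decides whether `offset < 0` can ever be true) could not be checked.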