File squid-2.7.x-bnc829084-CVE-2013-4115-BO_request_handling.diff of Package squid

diff -rNU 30 ../squid-2.7.STABLE5-o/src/dns_internal.c ./src/dns_internal.c
--- ../squid-2.7.STABLE5-o/src/dns_internal.c	2008-06-27 22:56:26.000000000 +0200
+++ ./src/dns_internal.c	2013-08-22 10:28:51.000000000 +0200
@@ -1059,60 +1059,66 @@
 
 static int
 idnsCachedLookup(const char *key, IDNSCB * callback, void *data)
 {
     idns_query *q;
     idns_query *old = hash_lookup(idns_lookup_hash, key);
     if (!old)
 	return 0;
     q = cbdataAlloc(idns_query);
     q->tcp_socket = -1;
     q->callback = callback;
     q->callback_data = data;
     cbdataLock(q->callback_data);
     q->queue = old->queue;
     old->queue = q;
     return 1;
 }
 
 static void
 idnsCacheQuery(idns_query * q)
 {
     q->hash.key = q->query.name;
     hash_join(idns_lookup_hash, &q->hash);
 }
 
 void
 idnsALookup(const char *name, IDNSCB * callback, void *data)
 {
     unsigned int i;
     int nd = 0;
+    unsigned int namelength = strlen(name);
+    if(namelength > NS_MAXDNAME) {
+	debug(78, 1) ("idnsALookup SECURITY ALERT: name too long: %s",
+            name);
+	return;
+    }
     idns_query *q;
     if (idnsCachedLookup(name, callback, data))
 	return;
     q = cbdataAlloc(idns_query);
     q->tcp_socket = -1;
     q->id = idnsQueryID();
 
     for (i = 0; i < strlen(name); i++) {
 	if (name[i] == '.') {
 	    nd++;
 	}
     }
 
     if (Config.onoff.res_defnames && npc > 0 && name[strlen(name) - 1] != '.') {
 	q->do_searchpath = 1;
     } else {
 	q->do_searchpath = 0;
     }
     strcpy(q->orig, name);
     strcpy(q->name, q->orig);
     if (q->do_searchpath && nd < ndots) {
 	q->domain = 0;
 	strcat(q->name, ".");
 	strcat(q->name, searchpath[q->domain].domain);
 	debug(78, 3) ("idnsALookup: searchpath used for %s\n",
 	    q->name);
     }
     q->sz = rfc1035BuildAQuery(q->name, q->buf, sizeof(q->buf), q->id,
 	&q->query);