From c82120fb4677db32c5b159ee248d66b77a84ba82 Mon Sep 17 00:00:00 2001
From: drmckay <1202951+drmckay@users.noreply.github.com>
Date: Sun, 21 Dec 2025 12:05:30 +0100
Subject: [PATCH] Fix buffer overread in rr2str() function

Add bounds checking to prevent buffer overread when parsing DNS records:
- Check if ptr >= end before reading label length
- Handle DNS compression pointers (0xC0 prefix) properly
- Validate ptr + l doesn't exceed buffer end before copying

Fixes #1
---
 dnsstream.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/dnsstream.c b/dnsstream.c
index e4b8991..616b347 100644
--- a/dnsstream.c
+++ b/dnsstream.c
@@ -57,10 +57,20 @@ rr2str(const uint8_t **ptrptr, const uint8_t *end) {
     const uint8_t *ptr = *ptrptr;
 
     while (1) {
+        if (ptr >= end)
+            break;
         l = ptr[0];
+
+        if ((l & 0xC0) == 0xC0) {
+            ptr += 2;
+            break;
+        }
+
         ptr++;
         if (l <= 0)
             break;
+        if (ptr + l > end)
+            break;
         if (dst > res)
             *dst++ = '.';
         if (dst + l + 1 >= dend)