From e34ff16f67cd2a243726bc37441ba48ba3643e22 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Thu, 22 Mar 2012 11:57:18 +0000
Subject: [PATCH] Resolver: added missing sanity checking when creating name
 queries.

Found by Veracode.
---
 src/core/ngx_resolver.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 2e3047135..02c484da6 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1840,7 +1840,7 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
             len++;
 
         } else {
-            if (len == 0) {
+            if (len == 0 || len > 255) {
                 return NGX_DECLINED;
             }
 
@@ -1851,6 +1851,10 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
         p--;
     }
 
+    if (len == 0 || len > 255) {
+        return NGX_DECLINED;
+    }
+
     *p = (u_char) len;
 
     return NGX_OK;