From 6b2ded47d16cbe6c0c1022d0223ddb1f0fc4b610 Mon Sep 17 00:00:00 2001
From: Adam <92907233+sys7em-abotbyl@users.noreply.github.com>
Date: Wed, 3 Nov 2021 18:45:12 -0500
Subject: [PATCH] Fix OOB pointer while reading DNS name Throw error if DNS Name segment length exceeds packet length. This check avoids a infinite loop in DNS.prototype.read_name
---
 decode/dns.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/decode/dns.js b/decode/dns.js
index 991b659..6795563 100644
--- a/decode/dns.js
+++ b/decode/dns.js
@@ -153,6 +153,9 @@ DNS.prototype.read_name = function () {
 var pos = this.offset;
 while ((len_or_ptr = this.raw_packet[pos]) !== 0x00) {
+ if (!len_or_ptr) {
+ throw new Error("Malformed DNS Name: label length offset beyond packet length")
+ }
 if ((len_or_ptr & 0xC0) === 0xC0) {
 // pointer is bottom 6 bits of current byte, plus all 8 bits of next byte
 pos = ((len_or_ptr & ~0xC0) << 8) | this.raw_packet[pos + 1];
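Review bot: The pointer branch right after the new guard still reads `this.raw_packet[pos + 1]` unchecked, so a compression pointer whose first byte is the last byte of the packet is not rejected: the `|` coerces the missing byte to 0 and `pos` silently becomes `(len_or_ptr & ~0xC0) << 8`. Assuming `raw_packet` is a Buffer, a check before that assignment would close the gap, e.g. `if (pos + 1 >= this.raw_packet.length) { throw new Error("Malformed DNS Name: truncated compression pointer"); }`. The added guard also relies on truthiness and is only correct because the loop condition already excludes 0; `if (len_or_ptr === undefined) {` states the intent directly, and the `throw` line lacks the trailing semicolon the surrounding code uses. The rest of read_name lies outside the hunk, so whether chains of pointers are bounded elsewhere cannot be confirmed from here.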