# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1621945058 -10800
# Node ID 5d561a77502e2b9570906f12e0d085721b558997
# Parent  7f702d35ac38abc358c0df154fd9c9e5df678395
Resolver: fixed off-by-one read in ngx_resolver_copy().

It is believed to be harmless, and in the worst case it uses some
uninitialized memory as a part of the compression pointer length,
eventually leading to the "name is out of DNS response" error.

diff -r 7f702d35ac38 -r 5d561a77502e src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c	Tue May 25 15:17:36 2021 +0300
+++ b/src/core/ngx_resolver.c	Tue May 25 15:17:38 2021 +0300
@@ -3958,6 +3958,11 @@
         }
 
         if (n & 0xc0) {
+            if (p >= last) {
+                err = "name is out of DNS response";
+                goto invalid;
+            }
+
             n = ((n & 0x3f) << 8) + *p;
             p = &buf[n];