mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-12-16 18:13:49 +01:00
85296ce6cc
Apart from advancing the buffer by RR_TYPE_LENGTH, RR_CLASS_LENGTH, and RR_TTL_LENGTH the code also attempts to read a two byte unsigned integer using _get_short(bufpos): unsigned addrlen = ntohs(_get_short(bufpos)); The bounds check must therefore ensure that the given buffer is large enough to contain two more bytes after advancing the buffer.