From b8f54f742f1b5b14fb21fdc66cab815efec34640 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Mon, 18 Dec 2017 23:48:52 -0500
Subject: [PATCH] dns_core: Protect against array index violation.

Add a check to allocate_dns_record to prevent calling a pointer
retrieved from beyond dns_alloc_table.

ASTERISK-27495 #close

Change-Id: Ie2f6e4991cea46baa12e837bd64cc22b44d322bb
---
 main/dns_core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/main/dns_core.c b/main/dns_core.c
index a243b4bdd3..3e270aff7e 100644
--- a/main/dns_core.c
+++ b/main/dns_core.c
@@ -447,9 +447,13 @@ static dns_alloc_fn dns_alloc_table [] = {
 	[T_SRV] = dns_srv_alloc,
 };
 
-static struct ast_dns_record *allocate_dns_record(int rr_type, struct ast_dns_query *query, const char *data, const size_t size)
+static struct ast_dns_record *allocate_dns_record(unsigned int rr_type, struct ast_dns_query *query, const char *data, const size_t size)
 {
-	dns_alloc_fn allocator = dns_alloc_table[rr_type] ?: generic_record_alloc;
+	dns_alloc_fn allocator = generic_record_alloc;
+
+	if (rr_type < ARRAY_LEN(dns_alloc_table) && dns_alloc_table[rr_type]) {
+		allocator = dns_alloc_table[rr_type];
+	}
 
 	return allocator(query, data, size);
 }
-- 
GitLab