this is interesting. the p != qp->curdest check would just
support my point because it effectively checks if p is valid.
if p would be at qp->curdest, it would be past the last valid
entry and hence invalid so it's not written.

but there's another thing, look in queryns() how p comes to be:

                        /* find responder */
                        // dnslog("queryns got reply from %I", srcip);
                        for(p = qp->dest; p < qp->curdest; p++)
                                if(memcmp(p->a, srcip, sizeof p->a) == 0)
                                        break;

                        for(np = qp->dest; np < qp->curdest; np++)
                                if(np->s == p->s)                       <-- oops, p might be qp->curdest here
                                        p->nx = Maxtrans;               <-- fuck!

                        rv = procansw(qp, &m, srcip, depth, p);

i think we also need to check p != qp->curdest before that
2nd for loop or it would trash the entry at curdest.

@@ -1439,9 +1438,10 @@
                                        break;
 
                        /* remove all addrs of responding server from list */
-                       for(np = qp->dest; np < qp->curdest; np++)
-                               if(np->s == p->s)
-                                       p->nx = Maxtrans;
+                       if(p != qp->curdest)
+                               for(np = qp->dest; np < qp->curdest; np++)
+                                       if(np->s == p->s)
+                                               p->nx = Maxtrans;
 
                        /* free or incorporate RRs in m */
                        rv = procansw(qp, &m, srcip, depth, p);
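
Review bot: the body of the guarded loop still assigns p->nx = Maxtrans for every np with np->s == p->s, so the loop only ever writes the responder's own entry, while the comment above it says all addrs of the responding server are removed from the list. If the comment states the intent, the assignment should be np->nx = Maxtrans; if only p is meant to be marked, the loop is unnecessary and a single guarded assignment would do. The new p != qp->curdest guard itself covers the case where the find-responder loop ends without a break, but procansw() is still called with p possibly equal to qp->curdest, so a short comment at that call noting that procansw() must treat that value as "no matching dest" would make the contract explicit.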

--
cinap
