dns-suite - npm Package Compare versions

Comparing version 1.1.1 to 1.1.2

dns.unpack-labels.js

@@ -32,7 +32,8 @@ (function (exports) {
 
-    if (0xc0 === len) {
-      var cpptr = ui8[total + 1];
+    // Handle message compression pointers. See 4.1.4 of RFC1035 for details.
+    if (len >= 0xc0) {
+      var cpptr = ((ui8[total] & 0x3f) << 8) |  ui8[total + 1];
 
-      // we're not coming back!
-      ptr = cpptr;
+      // We're not coming back, so if this is the first time we're following one of
+      // these pointers we up the byteLength to mark the pointer as part of the label
       if (!q.cpcount) {
@@ -44,3 +45,3 @@ q.byteLength += 2; // cp and len
       // recursion
-      return exports.DNS_UNPACK_LABELS(ui8, ptr, q);
+      return exports.DNS_UNPACK_LABELS(ui8, cpptr, q);
     }
@@ -56,6 +57,8 @@
 
+    // Advance the pointer to after the length indicator, then read the string in.
+    total += 1;
     for (i = 0; i < len; i += 1) {
-      total += 1;
       // TODO check url-allowable characters
       label.push(String.fromCharCode(ui8[total]));
+      total += 1;
     }
@@ -67,4 +70,7 @@
 
-    total += 1;
-
+    // It is important this be done every time, so that if we run into a message compression
+    // pointer later we still have a record of what was consumed before that.
+    if (0 === q.cpcount) {
+      q.byteLength = total - ptr;
+    }
   } while (0 !== len && undefined !== len);
@@ -75,6 +81,2 @@
   q.name = q.labels.join('.');
-  if (0 === q.cpcount) {
-    q.byteLength = total - ptr;
-  }
-
   return q;
@@ -81,0 +83,0 @@ };

package.json

 {
   "name": "dns-suite",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "testing dns",
@@ -5,0 +5,0 @@ "main": "dns.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

109691

increased by2.22%

Number of package files

111

increased by1.83%

Lines of code

2707

increased by2.38%

No dependency changes