1 files changed, 10 insertions, 8 deletions

diff --git a/ares_parse_ptr_reply.c b/ares_parse_ptr_reply.c
index 3b6dbc3..df21e40 100644
--- a/ares_parse_ptr_reply.c
+++ b/ares_parse_ptr_reply.c
@@ -16,9 +16,6 @@
 
 #include "ares_setup.h"
 
-#ifdef HAVE_SYS_SOCKET_H
-#  include <sys/socket.h>
-#endif
 #ifdef HAVE_NETINET_IN_H
 #  include <netinet/in.h>
 #endif
@@ -38,10 +35,9 @@
 #  include <strings.h>
 #endif
 
-#include <stdlib.h>
-#include <string.h>
 #include "ares.h"
 #include "ares_dns.h"
+#include "ares_nowarn.h"
 #include "ares_private.h"
 
 int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
@@ -107,6 +103,12 @@ int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
       rr_class = DNS_RR_CLASS(aptr);
       rr_len = DNS_RR_LEN(aptr);
       aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          free(rr_name);
+          status = ARES_EBADRESP;
+          break;
+        }
 
       if (rr_class == C_IN && rr_type == T_PTR
           && strcasecmp(rr_name, ptrname) == 0)
@@ -189,8 +191,8 @@ int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
                       for (i=0 ; i<aliascnt ; i++)
                         hostent->h_aliases[i] = aliases[i];
                       hostent->h_aliases[aliascnt] = NULL;
-                      hostent->h_addrtype = family;
-                      hostent->h_length = addrlen;
+                      hostent->h_addrtype = aresx_sitoss(family);
+                      hostent->h_length = aresx_sitoss(addrlen);
                       memcpy(hostent->h_addr_list[0], addr, addrlen);
                       hostent->h_addr_list[1] = NULL;
                       *host = hostent;
@@ -207,7 +209,7 @@ int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
       status = ARES_ENOMEM;
     }
   for (i=0 ; i<aliascnt ; i++)
-    if (aliases[i]) 
+    if (aliases[i])
       free(aliases[i]);
   free(aliases);
   if (hostname)