From 3adaa69cb211b00f9bfc66263a56cbd87cc9e521 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 27 Apr 2021 19:22:08 +0000
Subject: [PATCH] Fix an out-of-bounds memory access when parsing PTR records

---
 nmap_dns.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nmap_dns.cc b/nmap_dns.cc
index 96e0b46e5..ceaec6b8e 100644
--- a/nmap_dns.cc
+++ b/nmap_dns.cc
@@ -1361,7 +1361,7 @@ bool DNS::Factory::ptrToIp(const std::string &ptr, sockaddr_storage &ip)
     size_t i = 0;
 
     p--;
-    while (i < sizeof(ip4->sin_addr.s_addr))
+    while (p >= cptr && i < sizeof(ip4->sin_addr.s_addr))
     {
       if (*p == '.')
       {
@@ -1394,7 +1394,7 @@ bool DNS::Factory::ptrToIp(const std::string &ptr, sockaddr_storage &ip)
     size_t i=0;
 
     p--;
-    while (i < sizeof(ip6->sin6_addr.s6_addr))
+    while (p >= cptr && i < sizeof(ip6->sin6_addr.s6_addr))
     {
       if (*p == '.')
       {