From f5ef0f064c3f06b250a9eeda36dc239227658b00 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Mon, 6 Mar 2023 23:00:58 +0000
Subject: [PATCH] Fix possible SEGV when no servers defined.

If there exists a --address=/<domain>/  or --server=/<domain>/#
configuration but no upstream server config unqualified by
domain then when a query which doesnt match the domain is
recieved it will use the qualfied server config and in the process
possibly make an out-of-bounds memory access.

Thanks to Daniel Danzberger for spotting the bug.
---
 CHANGELOG          | 11 +++++++++++
 src/domain-match.c |  5 +++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/domain-match.c b/src/domain-match.c
index fe8e25a..9cc51e6 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -253,9 +253,10 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
   if (highout)
     *highout = nhigh;
 
-  if (nlow == nhigh)
+  /* qlen == -1 when we failed to match even an empty query, if there are no default servers. */
+  if (nlow == nhigh || qlen == -1)
     return 0;
-
+  
   return 1;
 }
 
-- 
2.33.7