- defense in depth against the above bug, an error is printed to log

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)
diff --git a/doc/Changelog b/doc/Changelog

index b569593d631162aa85bce904b8fd2ee0898124f7..3130c6838fb687d90ba22ea835d4a1446fcdc561 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
         - Fix assertion failure when unbound generates an empty error reply
           in response to a query, CVE-2011-1922 VU#531342.
         - This fix is in tag 1.4.10.
+       - defense in depth against the above bug, an error is printed to log
+         instead of an assertion failure.
  
  10 May 2011: Wouter
         - bug#386: --enable-allsymbols option links all binaries to libunbound
diff --git a/util/netevent.c b/util/netevent.c

index e25f5ddae3660f3d866f3b2ef39f742e63b1d333..9ee752178ba12a7aae1522c7cd09ff64b358688b 100644 (file)
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -400,7 +400,10 @@ comm_point_send_udp_msg_if(struct comm_point *c, ldns_buffer* packet,
  #endif /* S_SPLINT_S */
  
         log_assert(c->fd != -1);
-       log_assert(ldns_buffer_remaining(packet) > 0);
+#ifdef UNBOUND_DEBUG
+       if(ldns_buffer_remaining(packet) == 0)
+               log_err("error: send empty UDP packet");
+#endif
         log_assert(addr && addrlen > 0);
  
         msg.msg_name = addr;
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Wed, 25 May 2011 11:32:05 +0000 (11:32 +0000)
doc/Changelog		patch \| blob \| blame \| history
util/netevent.c		patch \| blob \| blame \| history