response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
+3121. [security] An authoritative name server sending a negative
+ response containing a very large RRset could
+ trigger an off-by-one error in the ncache code
+ and crash named. [RT #24650]
--- 9.4-ESV-R5rc1 released ---
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ncache.c,v 1.36.18.8 2010/06/03 23:46:10 tbox Exp $ */
+/* $Id: ncache.c,v 1.36.18.9 2011/05/26 23:13:38 each Exp $ */
/*! \file */
*/
isc_buffer_availableregion(&buffer,
&r);
- if (r.length < 2)
+ if (r.length < 3)
return (ISC_R_NOSPACE);
isc_buffer_putuint16(&buffer,
rdataset->type);
projects / thirdparty / bind9.git / commitdiff
