2496. [bug] Add sanity length checks to NSID option. [RT #18813]

diff --git a/CHANGES b/CHANGES
index 63e4b99376e425dfcc76586a9f6b04561e7fd13a..d223b39d7800c50a340f85de7fdce4820a814d46 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2496.  [bug]           Add sanity length checks to NSID option. [RT #18813]
+
 2495.  [bug]           Tighten RRSIG checks. [RT #18795]
 
 2494.  [bug]           isc/radix.h, dns/sdlz.h and dns/dlz.h were not being

diff --git a/bin/named/client.c b/bin/named/client.c
index 756d3c84d7558f53e04e464d6e8ba0571b600553..164af7cf80f67648e9394954b625f1c061c47883 100644 (file)
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.258 2008/06/23 19:41:18 jinmei Exp $ */
+/* $Id: client.c,v 1.259 2008/11/16 20:57:54 marka Exp $ */
 
 #include <config.h>
 
@@ -1222,7 +1222,7 @@ client_addopt(ns_client_t *client) {
                 * + 2 bytes for NSID length
                 * + NSID itself
                 */
-               char nsid[BUFSIZ];
+               char nsid[BUFSIZ], *nsidp;
                isc_buffer_t *buffer = NULL;
 
                if (ns_g_server->server_usehostname) {
@@ -1231,19 +1231,19 @@ client_addopt(ns_client_t *client) {
                        if (result != ISC_R_SUCCESS) {
                                goto no_nsid;
                        }
-               } else {
-                       strncpy(nsid, ns_g_server->server_id, sizeof(nsid));
-               }
+                       nsidp = nsid;
+               } else
+                       nsidp = ns_g_server->server_id;
 
-               rdata->length = strlen(nsid) + 4;
+               rdata->length = strlen(nsidp) + 4;
                result = isc_buffer_allocate(client->mctx, &buffer,
                                             rdata->length);
                if (result != ISC_R_SUCCESS)
                        goto no_nsid;
 
                isc_buffer_putuint16(buffer, DNS_OPT_NSID);
-               isc_buffer_putuint16(buffer, strlen(nsid));
-               isc_buffer_putstr(buffer, nsid);
+               isc_buffer_putuint16(buffer, strlen(nsidp));
+               isc_buffer_putstr(buffer, nsidp);
                rdata->data = buffer->base;
                dns_message_takebuffer(client->message, &buffer);
        } else {

diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index f067e530cd23bed26c1f8e9740f0c0c5c599792b..27843aca65ee5b7e65342337a831b674a4aa225a 100644 (file)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.93 2008/09/12 06:02:31 each Exp $ */
+/* $Id: check.c,v 1.94 2008/11/16 20:57:55 marka Exp $ */
 
 /*! \file */
 
@@ -792,6 +792,19 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
                }
        }
 
+       /*
+        * Check that server-id is not too long.
+        * 1024 bytes should be big enough.
+        */
+       obj = NULL;
+       (void)cfg_map_get(options, "server-id", &obj);
+       if (obj != NULL && cfg_obj_isstring(obj) &&
+           strlen(cfg_obj_asstring(obj)) > 1024) {
+               cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                           "'server-id' too big (>1024 bytes)");
+               result = ISC_R_FAILURE;
+       }
+
        return (result);
 }