From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 29 Apr 2026 12:52:21 +0000 (+0200)
Subject: Validate -l and -L arguments in named-checkzone
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=042e86fa846140e42eda8f7d910f97919a08c6a5;p=thirdparty%2Fbind9.git

Validate -l and -L arguments in named-checkzone

The -l (max TTL) and -L (source serial) flags parsed their arguments
with strtol() and assigned the result directly to uint32_t with no
range check. A negative value such as -1 became UINT32_MAX, which made
-l silently disable the TTL cap it claimed to enforce, and out-of-range
values truncated to 32 bits without warning.

Switch both flags to isc_parse_uint32(), which rejects leading non-
alphanumeric input (catching '-'), checks ERANGE, and validates the
32-bit range, so an invalid argument now exits with an error instead
of being silently coerced.

Assisted-by: Claude:claude-opus-4-7
---

diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 9a15eec34e9..40b4eabd1f9 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -24,6 +24,7 @@
 #include <isc/lib.h>
 #include <isc/log.h>
 #include <isc/mem.h>
+#include <isc/parseint.h>
 #include <isc/result.h>
 #include <isc/string.h>
 #include <isc/timer.h>
@@ -107,7 +108,6 @@ main(int argc, char **argv) {
 	bool snset = false;
 	bool logdump = false;
 	FILE *errout = stdout;
-	char *endp;
 
 	outputstyle = &dns_master_style_full;
 
@@ -222,22 +222,23 @@ main(int argc, char **argv) {
 
 		case 'L':
 			snset = true;
-			endp = NULL;
-			serialnum = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
-				fprintf(stderr, "source serial number "
-						"must be numeric");
+			if (isc_parse_uint32(&serialnum,
+					     isc_commandline_argument,
+					     0) != ISC_R_SUCCESS)
+			{
+				fprintf(stderr, "source serial number must be "
+						"a 32-bit unsigned integer\n");
 				exit(EXIT_FAILURE);
 			}
 			break;
 
 		case 'l':
 			zone_options |= DNS_ZONEOPT_CHECKTTL;
-			endp = NULL;
-			maxttl = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
-				fprintf(stderr, "maximum TTL "
-						"must be numeric");
+			if (isc_parse_uint32(&maxttl, isc_commandline_argument,
+					     0) != ISC_R_SUCCESS)
+			{
+				fprintf(stderr, "maximum TTL must be a 32-bit "
+						"unsigned integer\n");
 				exit(EXIT_FAILURE);
 			}
 			break;