From: Aydın Mercan
Date: Wed, 10 Jun 2026 14:40:00 +0000 (+0300)
Subject: validate query and response time nanosecs when parsing dnstap
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fc06937cdacd212a6d85d5140e97075988383c2;p=thirdparty%2Fbind9.git

validate query and response time nanosecs when parsing dnstap

An assertion is triggered inside `isc_time_set` when dnstap-read calls `dns_dt_parse` on dnstap files with query/response time nanosecond fields greater than a second. Avoid the assertion by validating the nanosecond fields to be subsecond when parsing.
---
diff --git a/lib/dns/dnstap.c b/lib/dns/dnstap.c
index 97b903d605..29a5882512 100644
--- a/lib/dns/dnstap.c
+++ b/lib/dns/dnstap.c
@@ -1114,11 +1114,19 @@ dns_dt_parse(isc_mem_t *mctx, isc_region_t *src, dns_dtdata_t **destp) {
 /* Timestamp */
 if (d->query) {
 if (m->has_query_time_sec && m->has_query_time_nsec) {
+ if (m->query_time_nsec >= NS_PER_SEC) {
+ CLEANUP(DNS_R_BADDNSTAP);
+ }
+
 isc_time_set(&d->qtime, m->query_time_sec,
 m->query_time_nsec);
 }
 } else {
 if (m->has_response_time_sec && m->has_response_time_nsec) {
+ if (m->response_time_nsec >= NS_PER_SEC) {
+ CLEANUP(DNS_R_BADDNSTAP);
+ }
+
 isc_time_set(&d->rtime, m->response_time_sec,
 m->response_time_nsec);
 }
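Review bot: The seconds fields of the same parsed message still reach `isc_time_set` unchecked in both branches, so only the nanosecond half of each timestamp is validated. The declarations are outside this hunk, so this is inferred: if `query_time_sec` / `response_time_sec` are wider than the seconds parameter of `isc_time_set`, an out-of-range value from the file is narrowed silently and yields a wrong timestamp instead of `DNS_R_BADDNSTAP`, so it is worth confirming the types and rejecting values that do not fit. A short comment above each new check would also record why it exists, e.g. `/* isc_time_set() asserts on nsec >= NS_PER_SEC; dnstap input is untrusted */`. The body of `dns_dt_parse` starts and ends outside the hunk.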