From: Wouter Wijngaards Date: Wed, 25 May 2011 11:32:05 +0000 (+0000) Subject: - defense in depth against the above bug, an error is printed to log X-Git-Tag: release-1.4.11rc1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30602d5d597cd279c72b8cefdd200f324e2f1819;p=thirdparty%2Funbound.git - defense in depth against the above bug, an error is printed to log instead of an assertion failure. git-svn-id: file:///svn/unbound/trunk@2420 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index b569593d6..3130c6838 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Fix assertion failure when unbound generates an empty error reply in response to a query, CVE-2011-1922 VU#531342. - This fix is in tag 1.4.10. + - defense in depth against the above bug, an error is printed to log + instead of an assertion failure. 10 May 2011: Wouter - bug#386: --enable-allsymbols option links all binaries to libunbound diff --git a/util/netevent.c b/util/netevent.c index e25f5ddae..9ee752178 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -400,7 +400,10 @@ comm_point_send_udp_msg_if(struct comm_point *c, ldns_buffer* packet, #endif /* S_SPLINT_S */ log_assert(c->fd != -1); - log_assert(ldns_buffer_remaining(packet) > 0); +#ifdef UNBOUND_DEBUG + if(ldns_buffer_remaining(packet) == 0) + log_err("error: send empty UDP packet"); +#endif log_assert(addr && addrlen > 0); msg.msg_name = addr;