From: Aram Sargsyan
Date: Tue, 25 Nov 2025 18:30:20 +0000 (+0000)
Subject: Fix a bug in dns_catz_generate_zonecfg()
X-Git-Tag: v9.21.17~50^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=684d7e008a9c001fda2e95427917345a72658d67;p=thirdparty%2Fbind9.git

Fix a bug in dns_catz_generate_zonecfg()

The dns_catz_generate_zonecfg() function generates a zone configuration string to use with a new catalog zone member zone. The buffer for the string is 512 bytes initially (ISC_BUFFER_INCR), but can be reallocated when required, when using corresponding isc_buffer functions like isc_buffer_reserve(), isc_buffer_putstr(), isc_buffer_copyregion(), etc. However, the dns_name_totext() function, which expects the buffer as an argument, doesn't automatically resize it if the name doesn't fit there, but instead just returns ISC_R_NOSPACE. The chance of this occurring increases when the configuration string is large due to, for example, long zone name, long list of primary servers which have keys configured and/or TLS configured. Use dns_name_format() accompanied with isc_buffer_putstr() instead of dns_name_totext().
---
diff --git a/lib/dns/catz.c b/lib/dns/catz.c
index 198e68ad6db..305296b0204 100644
--- a/lib/dns/catz.c
+++ b/lib/dns/catz.c
@@ -1913,7 +1913,7 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
 uint32_t i;
 isc_netaddr_t netaddr;
 char pbuf[sizeof("65535")]; /* used for port number */
- char zname[DNS_NAME_FORMATSIZE];
+ char namebuf[DNS_NAME_FORMATSIZE];
 REQUIRE(DNS_CATZ_ZONE_VALID(catz));
 REQUIRE(DNS_CATZ_ENTRY_VALID(entry));
@@ -1926,7 +1926,8 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
 isc_buffer_allocate(catz->catzs->mctx, &buffer, ISC_BUFFER_INCR);
 isc_buffer_putstr(buffer, "zone \"");
- dns_name_totext(&entry->name, DNS_NAME_OMITFINALDOT, buffer);
+ dns_name_format(&entry->name, namebuf, sizeof(namebuf));
+ isc_buffer_putstr(buffer, namebuf);
 isc_buffer_putstr(buffer, "\" { type secondary; primaries");
 isc_buffer_putstr(buffer, " { ");
@@ -1939,13 +1940,12 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
 case AF_INET6:
 break;
 default:
- dns_name_format(&entry->name, zname,
- DNS_NAME_FORMATSIZE);
+ dns_name_format(&entry->name, namebuf, sizeof(namebuf));
 isc_log_write(DNS_LOGCATEGORY_GENERAL,
 DNS_LOGMODULE_CATZ, ISC_LOG_ERROR,
 "catz: zone '%s' uses an invalid primary "
 "(no IP address assigned)",
- zname);
+ namebuf);
 CLEANUP(ISC_R_FAILURE);
 }
 isc_netaddr_fromsockaddr(&netaddr,
@@ -1961,14 +1961,16 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *catz, dns_catz_entry_t *entry,
 if (entry->opts.masters.keys[i] != NULL) {
 isc_buffer_putstr(buffer, " key ");
- CHECK(dns_name_totext(entry->opts.masters.keys[i],
- DNS_NAME_OMITFINALDOT, buffer));
+ dns_name_format(entry->opts.masters.keys[i], namebuf,
+ sizeof(namebuf));
+ isc_buffer_putstr(buffer, namebuf);
 }
 if (entry->opts.masters.tlss[i] != NULL) {
 isc_buffer_putstr(buffer, " tls ");
- CHECK(dns_name_totext(entry->opts.masters.tlss[i],
- DNS_NAME_OMITFINALDOT, buffer));
+ dns_name_format(entry->opts.masters.tlss[i], namebuf,
+ sizeof(namebuf));
+ isc_buffer_putstr(buffer, namebuf);
 }
 isc_buffer_putstr(buffer, "; ");
 }
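Review bot: The zone name placed between the quotes by `isc_buffer_putstr(buffer, namebuf);` originates in catalog zone data, and nothing in the hunk states how a `"` or `\` inside a label is kept from ending the quoted string in the generated configuration. dns_name_format() presumably yields the same escaped presentation form as the `dns_name_totext(..., DNS_NAME_OMITFINALDOT, buffer)` call it replaces, but its implementation is not visible here, so that should be confirmed and recorded, for example `/* dns_name_format() output is the escaped presentation form; it is spliced into a quoted config string */`. The key and tls names in the last hunk are appended without surrounding quotes and deserve the same check. The body of dns_catz_generate_zonecfg() starts and ends outside this hunk.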
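Review bot: Dropping the CHECK() wrappers in the key and tls branches removes their only failure path, and nothing in the new lines explains why none is needed. A comment at the first call, such as `/* namebuf is DNS_NAME_FORMATSIZE, so the name always fits; isc_buffer_putstr() grows buffer as needed */`, would record the invariant the commit message relies on. dns_name_format() is used here without a result, so if it substitutes a placeholder on a conversion error, that placeholder would be written into the zone configuration instead of aborting generation; it is worth confirming this cannot happen for a validated entry. A regression test with a member zone whose generated configuration exceeds ISC_BUFFER_INCR would pin the fix, if one is not already part of this series.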