From: Mark Andrews <marka@isc.org>
Date: Wed, 28 May 2025 23:42:08 +0000 (+1000)
Subject: Silence tainted scalar in client.c
X-Git-Tag: v9.21.9~26^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72cd6e85916e02fe7f51806eb25ee0c5a973398a;p=thirdparty%2Fbind9.git

Silence tainted scalar in client.c

Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed.  Add an INSIST to silence Coverity as is done in message.c.
---

diff --git a/lib/ns/client.c b/lib/ns/client.c
index cdc5a49e094..87e79e13330 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1589,6 +1589,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
 		while (isc_buffer_remaininglength(&optbuf) >= 4) {
 			optcode = isc_buffer_getuint16(&optbuf);
 			optlen = isc_buffer_getuint16(&optbuf);
+
+			INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
+
 			/*
 			 * When returning BADVERSION, only process
 			 * DNS_OPT_NSID or DNS_OPT_COOKIE options.