From: Mark Andrews Date: Fri, 24 Mar 2017 15:00:17 +0000 (+1100) Subject: 4582. [security] 'rndc ""' could trigger a assertion failure in named. X-Git-Tag: v9.12.0a1~405 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e8dfc5941e2375f2f8dadf3706258dd0db5f2e6;p=thirdparty%2Fbind9.git 4582. [security] 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138) [RT #44924] --- diff --git a/CHANGES b/CHANGES index 0941a6667a4..445e5e7adeb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4582. [security] 'rndc ""' could trigger a assertion failure in named. + (CVE-2017-3138) [RT #44924] + 4581. [port] Linux: Add getpid and getrandom to the list of system calls named uses for seccomp. [RT #44883] diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index 139291e917b..6e9740cffa8 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -566,5 +566,13 @@ EOF status=`expr $status + $ret` fi +n=`expr $n + 1` +echo "I:check 'rndc \"\"' is handled ($n)" +ret=0 +$RNDCCMD "" > rndc.out.test$n 2>&1 && ret=1 +grep "rndc: '' failed: failure" rndc.out.test$n > /dev/null +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/lib/isc/include/isc/lex.h b/lib/isc/include/isc/lex.h index bc4b653d1a5..f78bdb20d8c 100644 --- a/lib/isc/include/isc/lex.h +++ b/lib/isc/include/isc/lex.h @@ -145,8 +145,6 @@ isc_lex_create(isc_mem_t *mctx, size_t max_token, isc_lex_t **lexp); * Requires: *\li '*lexp' is a valid lexer. * - *\li max_token > 0. - * * Ensures: *\li On success, *lexp is attached to the newly created lexer. * diff --git a/lib/isc/lex.c b/lib/isc/lex.c index 0f8ca532e31..bf7c0dde775 100644 --- a/lib/isc/lex.c +++ b/lib/isc/lex.c @@ -86,9 +86,10 @@ isc_lex_create(isc_mem_t *mctx, size_t max_token, isc_lex_t **lexp) { /* * Create a lexer. */ - REQUIRE(lexp != NULL && *lexp == NULL); - REQUIRE(max_token > 0U); + + if (max_token == 0U) + max_token = 1; lex = isc_mem_get(mctx, sizeof(*lex)); if (lex == NULL)