]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
prevent a possible buffer overflow in configuration check
authorEvan Hunt <each@isc.org>
Sat, 14 May 2022 02:59:58 +0000 (19:59 -0700)
committerEvan Hunt <each@isc.org>
Sat, 14 May 2022 02:59:58 +0000 (19:59 -0700)
corrected code that could have allowed a buffer overfow while
parsing named.conf.

lib/bind9/check.c

index 658daec76de76fcea584aa866c468d29c738a537..baacd29a8403e19af108e90a892dfd2872e95c59 100644 (file)
@@ -3009,8 +3009,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                } else if (dns_name_isula(zname)) {
                        ula = true;
                }
-               tmp += strlen(tmp);
                len -= strlen(tmp);
+               tmp += strlen(tmp);
                (void)snprintf(tmp, len, "%u/%s", zclass,
                               (ztype == CFG_ZONE_INVIEW) ? target
                               : (viewname != NULL)       ? viewname
@@ -3719,8 +3719,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                char *tmp = keydirbuf;
                size_t len = sizeof(keydirbuf);
                dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
-               tmp += strlen(tmp);
                len -= strlen(tmp);
+               tmp += strlen(tmp);
                (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
                tresult = keydirexist(zconfig, (const char *)keydirbuf,
                                      kaspname, keydirs, logctx, mctx);