Fix delegdb dump buffer overflow

A buffer used to dump a DNS name in the delegdb dump flow was using the
wrong size: it was using `DNS_NAME_MAXWIRE` which is the actual max
length of a DNS name on the wire instead of using `DNS_NAME_FORMATSIZE`
which is the maximum length of a textual representation of a DNS name
(which can be way longer than `DNS_NAME_MAXWIRE` if using the master
file escape sequence format) plus 1 (end of string byte). This could
lead to a buffer overflow. This is now fixed.

diff --git a/lib/dns/deleg.c b/lib/dns/deleg.c
index 249e7c5502b19129e98b01201a1c5b8aa7db7cbf..c1c91ebce0064f7fbb1612796ba82e7efc54ae9d 100644 (file)
--- a/lib/dns/deleg.c
+++ b/lib/dns/deleg.c
@@ -687,7 +687,7 @@ tostring_namelist(dns_namelist_t *namelist, const char *id, FILE *fp) {
                fprintf(fp, " %s=", id);
                ISC_LIST_FOREACH(*namelist, name, link) {
                        isc_buffer_t nameb;
-                       char bdata[DNS_NAME_MAXWIRE] = { 0 };
+                       char bdata[DNS_NAME_FORMATSIZE] = { 0 };
 
                        isc_buffer_init(&nameb, bdata, sizeof(bdata));
                        dns_name_totext(name, 0, &nameb);
@@ -763,7 +763,7 @@ delegset_tostring(const dns_name_t *zonecut, dns_delegset_t *delegset,
                  isc_stdtime_t now, bool expired, FILE *fp) {
        ISC_LIST_FOREACH(delegset->delegs, deleg, link) {
                isc_buffer_t zonecutb;
-               char bdata[DNS_NAME_MAXWIRE];
+               char bdata[DNS_NAME_FORMATSIZE];
                dns_ttl_t ttl = 0;
 
                if (delegset->expires > now) {