]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 906d434) | patch
More dns_qpkey_t safety checks
authorTony Finch <fanf@isc.org>
Mon, 3 Apr 2023 13:20:20 +0000 (14:20 +0100)
committerTony Finch <fanf@isc.org>
Mon, 3 Apr 2023 15:10:47 +0000 (15:10 +0000)
commit3c333d02a06fb2aa753e80a795135bdff703b3d0
tree035c34c4548fac81a7c946b78abe5219023a68a0tree | snapshot
parent906d434aea19fd950a300cc5d9fad55228ebbd36commit | diff
More dns_qpkey_t safety checks

My original idea had been that the core qp-trie code would be mostly
independent of the storage for keys, so I did not make it check at run
time that key lengths are sensible. However, the qp-trie search
routines need to get keys out of leaf objects, for which they provide
storage on the stack, which is particularly dangerous for unchecked
buffer overflows. So this change checks that key lengths are in bounds
at the API boundary between the qp-trie code and the rest of BIND, and
there is no more pretence that keys might be longer.
lib/dns/include/dns/qp.h diff | blob | blame | history
lib/dns/qp.c diff | blob | blame | history
lib/dns/qp_p.h diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git