add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135

author Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)

committer Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
author Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c

index 8bfa645e18790f845af8456e46eb7260517d878b..704303962f0d0d8780b4c437f758003ce413d9fb 100644 (file)
--- a/lib/dns/rdataset.c
+++ b/lib/dns/rdataset.c
@@ -334,6 +334,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
          */
  
         REQUIRE(DNS_RDATASET_VALID(rdataset));
+       REQUIRE(rdataset->methods != NULL);
         REQUIRE(countp != NULL);
         REQUIRE((order == NULL) == (order_arg == NULL));
         REQUIRE(cctx != NULL && cctx->mctx != NULL);
author	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)