add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135

author Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)

committer Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:21:39 +0000 (11:21 +1100)
author Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:21:39 +0000 (11:21 +1100)
diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c

index ab02d32e0998f2703372d7d0faae886c40a63ab0..f70dae99846f19175c8e43b7507d4a06acf77f08 100644 (file)
--- a/lib/dns/rdataset.c
+++ b/lib/dns/rdataset.c
@@ -337,6 +337,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
          */
  
         REQUIRE(DNS_RDATASET_VALID(rdataset));
+       REQUIRE(rdataset->methods != NULL);
         REQUIRE(countp != NULL);
         REQUIRE((order == NULL) == (order_arg == NULL));
         REQUIRE(cctx != NULL && cctx->mctx != NULL);
author	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:21:39 +0000 (11:21 +1100)