2496. [bug] Add sanity length checks to NSID option. [RT #18813]

diff --git a/CHANGES b/CHANGES
index 2a56b245222c0969463540a9a661e1e0d70dcc2b..235a30458f547af49323212e91a3207cae61d7a5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2496.  [bug]           Add sanity length checks to NSID option. [RT #18813]
+
 2495.  [bug]           Tighten RRSIG checks. [RT #18795]
 
 2494.  [bug]           isc/radix.h, dns/sdlz.h and dns/dlz.h were not being

diff --git a/bin/named/client.c b/bin/named/client.c
index 930fb1741c9f0824e8d5d5de75aaeaa225984097..3197720b44bc5424f1fd68d2c69cb9a795691be1 100644 (file)
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.250.16.6 2008/05/27 22:36:09 each Exp $ */
+/* $Id: client.c,v 1.250.16.7 2008/11/16 21:04:02 marka Exp $ */
 
 #include <config.h>
 
@@ -1211,7 +1211,7 @@ client_addopt(ns_client_t *client) {
                 * + 2 bytes for NSID length
                 * + NSID itself
                 */
-               char nsid[BUFSIZ];
+               char nsid[BUFSIZ], *nsidp;
                isc_buffer_t *buffer = NULL;
 
                if (ns_g_server->server_usehostname) {
@@ -1220,19 +1220,19 @@ client_addopt(ns_client_t *client) {
                        if (result != ISC_R_SUCCESS) {
                                goto no_nsid;
                        }
-               } else {
-                       strncpy(nsid, ns_g_server->server_id, sizeof(nsid));
-               }
+                       nsidp = nsid;
+               } else
+                       nsidp = ns_g_server->server_id;
 
-               rdata->length = strlen(nsid) + 4;
+               rdata->length = strlen(nsidp) + 4;
                result = isc_buffer_allocate(client->mctx, &buffer,
                                             rdata->length);
                if (result != ISC_R_SUCCESS)
                        goto no_nsid;
 
                isc_buffer_putuint16(buffer, DNS_OPT_NSID);
-               isc_buffer_putuint16(buffer, strlen(nsid));
-               isc_buffer_putstr(buffer, nsid);
+               isc_buffer_putuint16(buffer, strlen(nsidp));
+               isc_buffer_putstr(buffer, nsidp);
                rdata->data = buffer->base;
                dns_message_takebuffer(client->message, &buffer);
        } else {

diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 62218ff0f31fbd49c072e685dcdcf90d2b457b47..0cc87bd3e04eef3b4d76d2e42e6fc59f10aa76ae 100644 (file)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.86.10.5 2008/09/12 06:03:22 each Exp $ */
+/* $Id: check.c,v 1.86.10.6 2008/11/16 21:04:03 marka Exp $ */
 
 /*! \file */
 
@@ -754,6 +754,19 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
                }
        }
 
+       /*
+        * Check that server-id is not too long.
+        * 1024 bytes should be big enough.
+        */
+       obj = NULL;
+       (void)cfg_map_get(options, "server-id", &obj);
+       if (obj != NULL && cfg_obj_isstring(obj) &&
+           strlen(cfg_obj_asstring(obj)) > 1024) {
+               cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                           "'server-id' too big (>1024 bytes)");
+               result = ISC_R_FAILURE;
+       }
+
        return (result);
 }