[v9_9] fix length check in OPENPGPKEY

author Evan Hunt <each@isc.org>

Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)

committer Evan Hunt <each@isc.org>

Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)
author Evan Hunt <each@isc.org>
Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)
committer Evan Hunt <each@isc.org>
Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)
diff --git a/CHANGES b/CHANGES

index 83b9276708a97bdfb641c4857c39e5f3adfc5559..8ca8f5cac203fc31028c1c14bba6e49e86d0c22f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4170.  [security]      An incorrect boundary check in the OPENPGPKEY
+                       rdatatype could trigger an assertion failure.
+                       [RT #40286]
+
  4169.  [test]          Added a 'wire_test -d' option to read input as
                         raw binary data, for use as a fuzzing harness.
                         [RT #40312]
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml

index 9739b9f12c5c924e970dfb7cdba5f720a90b440e..a232eefb7e87edb51a05d7019adbeb07fa09b079 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -38,6 +38,12 @@
    <sect2 id="relnotes_security">
      <title>Security Fixes</title>
      <itemizedlist>
+      <listitem>
+       <para>
+         An incorrect boundary check in the OPENPGPKEY rdatatype
+         could trigger an assertion failure. [RT #40286]
+       </para>
+      </listitem>
        <listitem>
         <para>
           A buffer accounting error could trigger an assertion failure
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c

index 19fb03eada174b4a59520b091c041bd49cf220ea..4ffabf1380df611fed2cb12ebd2c1bb9ad2773ca 100644 (file)
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -1269,7 +1269,7 @@ txt_fromwire(isc_buffer_t *source, isc_buffer_t *target) {
  
         isc_buffer_activeregion(source, &sregion);
         if (sregion.length == 0)
-               return(ISC_R_UNEXPECTEDEND);
+               return (ISC_R_UNEXPECTEDEND);
         n = *sregion.base + 1;
         if (n > sregion.length)
                 return (ISC_R_UNEXPECTEDEND);
diff --git a/lib/dns/rdata/generic/openpgpkey_61.c b/lib/dns/rdata/generic/openpgpkey_61.c

index 7b2a88bbd312b98d30e3bdf566f513739bc4ff8d..d542aa9ea6b533a4bbfd03057b85c41c4a79a95b 100644 (file)
--- a/lib/dns/rdata/generic/openpgpkey_61.c
+++ b/lib/dns/rdata/generic/openpgpkey_61.c
@@ -76,6 +76,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) {
          * Keyring.
          */
         isc_buffer_activeregion(source, &sr);
+       if (sr.length < 1)
+               return (ISC_R_UNEXPECTEDEND);
         isc_buffer_forward(source, sr.length);
         return (mem_tobuffer(target, sr.base, sr.length));
  }
author	Evan Hunt <each@isc.org>
	Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)
committer	Evan Hunt <each@isc.org>
	Wed, 12 Aug 2015 03:02:45 +0000 (20:02 -0700)
CHANGES		patch \| blob \| blame \| history
doc/arm/notes.xml		patch \| blob \| blame \| history
lib/dns/rdata.c		patch \| blob \| blame \| history
lib/dns/rdata/generic/openpgpkey_61.c		patch \| blob \| blame \| history