Silence use of tainted scalar

author Mark Andrews <marka@isc.org>

Wed, 7 Jul 2021 02:09:31 +0000 (12:09 +1000)

committer Mark Andrews <marka@isc.org>

Mon, 12 Jul 2021 00:22:07 +0000 (00:22 +0000)
author Mark Andrews <marka@isc.org>
Wed, 7 Jul 2021 02:09:31 +0000 (12:09 +1000)
committer Mark Andrews <marka@isc.org>
Mon, 12 Jul 2021 00:22:07 +0000 (00:22 +0000)
diff --git a/lib/dns/journal.c b/lib/dns/journal.c

index 567692e7a44a2fb7d2f76747083137181e51fdcc..f59855dd636428fc72af17d8d2259e4c44190c9e 100644 (file)
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -2613,6 +2613,14 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
                         CHECK(result);
  
                         size = xhdr.size;
+                       if (size > len) {
+                               isc_log_write(JOURNAL_COMMON_LOGARGS,
+                                             ISC_LOG_ERROR,
+                                             "%s: journal file corrupt, "
+                                             "transaction too large",
+                                             j1->filename);
+                               CHECK(ISC_R_FAILURE);
+                       }
                         buf = isc_mem_get(mctx, size);
                         result = journal_read(j1, buf, size);
  
@@ -2637,6 +2645,15 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
                                 /* Check again */
                                 isc_mem_put(mctx, buf, size);
                                 size = xhdr.size;
+                               if (size > len) {
+                                       isc_log_write(
+                                               JOURNAL_COMMON_LOGARGS,
+                                               ISC_LOG_ERROR,
+                                               "%s: journal file corrupt, "
+                                               "transaction too large",
+                                               j1->filename);
+                                       CHECK(ISC_R_FAILURE);
+                               }
                                 buf = isc_mem_get(mctx, size);
                                 CHECK(journal_read(j1, buf, size));
author	Mark Andrews <marka@isc.org>
	Wed, 7 Jul 2021 02:09:31 +0000 (12:09 +1000)
committer	Mark Andrews <marka@isc.org>
	Mon, 12 Jul 2021 00:22:07 +0000 (00:22 +0000)