Cast the original rcode to (dns_ttl_t) when setting extended rcode

Shifting (signed) integer left could trigger undefined behaviour when
the shifted value would overflow into the sign bit (e.g. 2048).

The issue was found when using AFL++ and UBSAN:

    message.c:2274:33: runtime error: left shift of 2048 by 20 places cannot be represented in type 'int'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior message.c:2274:33 in

(cherry picked from commit a347641782dfb47aa45e6e8ffc9e0c6db4c07deb)

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 7c813a5cf69e6db3fab360176c7399365f912605..9dafd69f11fab52649ec60d4fe47b54139722749 100644 (file)
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -2318,10 +2318,11 @@ dns_message_renderend(dns_message_t *msg) {
                dns_message_renderrelease(msg, msg->opt_reserved);
                msg->opt_reserved = 0;
                /*
-                * Set the extended rcode.
+                * Set the extended rcode.  Cast msg->rcode to dns_ttl_t
+                * so that we do a unsigned shift.
                 */
                msg->opt->ttl &= ~DNS_MESSAGE_EDNSRCODE_MASK;
-               msg->opt->ttl |= ((msg->rcode << 20) &
+               msg->opt->ttl |= (((dns_ttl_t)(msg->rcode) << 20) &
                                  DNS_MESSAGE_EDNSRCODE_MASK);
                /*
                 * Render.