add a REQUIRE to catch the NULL pointer dereference that triggered CVE-2017-3135

author Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)

committer Mark Andrews <marka@isc.org>

Tue, 31 Jan 2017 00:22:09 +0000 (11:22 +1100)
author Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer Mark Andrews <marka@isc.org>
Tue, 31 Jan 2017 00:22:09 +0000 (11:22 +1100)
diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c

index 25f7e6db4f11af6a4b7743e9866c4b4b4597249a..803d08b1009de265f62a692220cca4881034bf87 100644 (file)
--- a/lib/dns/rdataset.c
+++ b/lib/dns/rdataset.c
@@ -334,6 +334,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
          */
  
         REQUIRE(DNS_RDATASET_VALID(rdataset));
+       REQUIRE(rdataset->methods != NULL);
         REQUIRE(countp != NULL);
         REQUIRE((order == NULL) == (order_arg == NULL));
         REQUIRE(cctx != NULL && cctx->mctx != NULL);
author	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:20:03 +0000 (11:20 +1100)
committer	Mark Andrews <marka@isc.org>
	Tue, 31 Jan 2017 00:22:09 +0000 (11:22 +1100)