prevent a possible buffer overflow in configuration check
authorEvan Hunt <each@isc.org>
Sat, 14 May 2022 02:59:58 +0000 (19:59 -0700)
committerEvan Hunt <each@isc.org>
Sat, 14 May 2022 03:29:36 +0000 (20:29 -0700)
corrected code that could have allowed a buffer overflow while
parsing named.conf.

(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)

lib/bind9/check.c

index 1017468d429c24adfe753345f7d81daca916cba0..9c98c528d9e0545cbd135207b93ee4e44dc50c5e 100644 (file)
@@ -3011,8 +3011,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                } else if (dns_name_isula(zname)) {
                        ula = true;
                }
-               tmp += strlen(tmp);
                len -= strlen(tmp);
+               tmp += strlen(tmp);
                (void)snprintf(tmp, len, "%u/%s", zclass,
                               (ztype == CFG_ZONE_INVIEW) ? target
                               : (viewname != NULL)       ? viewname
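Review bot: The corrected sequence is only right because `len -= strlen(tmp)` now runs before `tmp` moves; in the old order the second `strlen(tmp)` saw the terminator and returned 0, so `len` kept the full buffer size while `tmp` pointed part-way in. Taking the length once, `size_t used = strlen(tmp); tmp += used; len -= used;`, removes the order dependency, so a later reshuffle cannot reintroduce the overflow. The same pattern is in the `keydirbuf` hunk at line 3721. check_zoneconf begins and ends outside both hunks, so the buffer this site writes into is not visible here.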
@@ -3721,8 +3721,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
                char *tmp = keydirbuf;
                size_t len = sizeof(keydirbuf);
                dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
-               tmp += strlen(tmp);
                len -= strlen(tmp);
+               tmp += strlen(tmp);
                (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
                tresult = keydirexist(zconfig, (const char *)keydirbuf,
                                      kaspname, keydirs, logctx, mctx);
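Review bot: The result of `(void)snprintf(tmp, len, "/%s", ...)` is discarded, so a zone name plus key directory that does not fit in `keydirbuf` is silently truncated before the string is handed to `keydirexist`. That function's body is not shown, but if it compares or records these strings, a truncated value could collide with, or fail to match, another zone's entry. Capturing the return and testing `if (n < 0 || (size_t)n >= len)` before the call would turn that case into a reported configuration error. The enclosing block of check_zoneconf starts and ends outside this hunk.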