]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cc85e7f)
maybe_numeric failed to handle NUL in text region.
authorMark Andrews <marka@isc.org>
Fri, 4 Jan 2019 04:22:25 +0000 (15:22 +1100)
committerMark Andrews <marka@isc.org>
Wed, 9 Jan 2019 08:22:38 +0000 (19:22 +1100)
(cherry picked from commit ee23780246e89affc31c739bbc4cbd429410fba2)

CHANGES patch | blob | blame | history
lib/dns/rcode.c patch | blob | blame | history

diff --git a/CHANGES b/CHANGES
index 2b62238ed93cbe1f671b2c950ac7b26afbcc2a6b..d57372bf9b4b86baf01ddaff61c27e4be1e54f8f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5127.  [bug]           rcode.c:maybe_numeric failed to handle NUL in text
+                       regions. [GL #807]
+
 5126.  [bug]           Named incorrectly accepted empty base64 and hex encoded
                        fields when reading master files. [GL #807]
 
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index 145a59fc6025f8bbe9f6a6458b969b5a1afef7f1..ec4e61c7ba453ddf589a25ddb341dd73d64a346d 100644 (file)
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -246,28 +246,36 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
        isc_result_t result;
        uint32_t n;
        char buffer[NUMBERSIZE];
+       int v;
 
        if (! isdigit(source->base[0] & 0xff) ||
            source->length > NUMBERSIZE - 1)
+       {
                return (ISC_R_BADNUMBER);
+       }
 
        /*
         * We have a potential number.  Try to parse it with
         * isc_parse_uint32().  isc_parse_uint32() requires
         * null termination, so we must make a copy.
         */
-       snprintf(buffer, sizeof(buffer), "%.*s",
-                (int)source->length, source->base);
-
+       v = snprintf(buffer, sizeof(buffer), "%.*s",
+                    (int)source->length, source->base);
+       if (v < 0 || (unsigned)v != source->length) {
+               return (ISC_R_BADNUMBER);
+       }
        INSIST(buffer[source->length] == '\0');
 
        result = isc_parse_uint32(&n, buffer, 10);
-       if (result == ISC_R_BADNUMBER && hex_allowed)
+       if (result == ISC_R_BADNUMBER && hex_allowed) {
                result = isc_parse_uint32(&n, buffer, 16);
-       if (result != ISC_R_SUCCESS)
+       }
+       if (result != ISC_R_SUCCESS) {
                return (result);
-       if (n > max)
+       }
+       if (n > max) {
                return (ISC_R_RANGE);
+       }
        *valuep = n;
        return (ISC_R_SUCCESS);
 }
Mirror of https://gitlab.isc.org/isc-projects/bind9.git