possible null dereference in dns_acl_isanyornone() [rt18559]

diff --git a/CHANGES b/CHANGES
index b3e646ae9354382b8b31560d137c4e65d7a89915..f8993cbdd4400623dc5ec6068a483c7177efd3ba 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2439.   [bug]           Potential NULL dereference in dns_acl_isanyornone().
+                        [RT #18559]
+        
 2438.   [bug]          Timeouts could be logged incorrectly under win32.
 
 2437.  [bug]           Sockets could be closed too early, leading to

diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index edb91b328c12c9c4219d1a565872858a1ff0c3c2..767bab41600a9aa268c585aca38ba49c9632b246 100644 (file)
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acl.c,v 1.46 2008/09/10 21:52:49 each Exp $ */
+/* $Id: acl.c,v 1.47 2008/09/12 04:54:39 each Exp $ */
 
 /*! \file */
 
@@ -144,10 +144,11 @@ dns_acl_isanyornone(dns_acl_t *acl, isc_boolean_t pos)
            acl->iptable->radix->head->prefix == NULL)
                return (ISC_FALSE);
 
-       if (acl->length != 0 && acl->node_count != 1)
+       if (acl->length != 0 || acl->node_count != 1)
                return (ISC_FALSE);
 
        if (acl->iptable->radix->head->prefix->bitlen == 0 &&
+           acl->iptable->radix->head->data[0] != NULL &&
            *(isc_boolean_t *) (acl->iptable->radix->head->data[0]) == pos)
                return (ISC_TRUE);