maybe_numeric failed to handle NUL in text region.
authorMark Andrews <marka@isc.org>
Fri, 4 Jan 2019 04:22:25 +0000 (15:22 +1100)
committerMark Andrews <marka@isc.org>
Wed, 9 Jan 2019 07:33:42 +0000 (18:33 +1100)
CHANGES
lib/dns/rcode.c

diff --git a/CHANGES b/CHANGES
index b3e0ff29795703c131f2ce87ea8be02f8109f807..5bbc37fbd22a06c91c78517f86807eac73bd5088 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5127.  [bug]           rcode.c:maybe_numeric failed to handle NUL in text
+                       regions. [GL #807]
+
 5126.  [bug]           Named incorrectly accepted empty base64 and hex encoded
                        fields when reading master files. [GL #807]
 
index c06b26500f72caf6f6c87e8f5fdee7d21554ff67..832303a19b6d96d218ee2637f017bd148d9c5ab9 100644 (file)
@@ -226,28 +226,36 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
        isc_result_t result;
        uint32_t n;
        char buffer[NUMBERSIZE];
+       int v;
 
        if (! isdigit(source->base[0] & 0xff) ||
            source->length > NUMBERSIZE - 1)
+       {
                return (ISC_R_BADNUMBER);
+       }
 
        /*
         * We have a potential number.  Try to parse it with
         * isc_parse_uint32().  isc_parse_uint32() requires
         * null termination, so we must make a copy.
         */
-       snprintf(buffer, sizeof(buffer), "%.*s",
-                (int)source->length, source->base);
-
+       v = snprintf(buffer, sizeof(buffer), "%.*s",
+                    (int)source->length, source->base);
+       if (v < 0 || (unsigned)v != source->length) {
+               return (ISC_R_BADNUMBER);
+       }
        INSIST(buffer[source->length] == '\0');
 
        result = isc_parse_uint32(&n, buffer, 10);
-       if (result == ISC_R_BADNUMBER && hex_allowed)
+       if (result == ISC_R_BADNUMBER && hex_allowed) {
                result = isc_parse_uint32(&n, buffer, 16);
-       if (result != ISC_R_SUCCESS)
+       }
+       if (result != ISC_R_SUCCESS) {
                return (result);
-       if (n > max)
+       }
+       if (n > max) {
                return (ISC_R_RANGE);
+       }
        *valuep = n;
        return (ISC_R_SUCCESS);
 }
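Review bot: The guard at the top of maybe_numeric still reads `source->base[0]` before it looks at `source->length`, so a zero-length text region would be read one byte past its end; whether any caller can pass an empty region is not visible in this hunk. Testing the length first closes that: `if (source->length == 0 || source->length > NUMBERSIZE - 1 || !isdigit(source->base[0] & 0xff))`. The new `v` check would also benefit from a comment saying why a short count is rejected, e.g. `/* "%.*s" stops at an embedded NUL, leaving buffer[source->length] unset, which could trip the INSIST below. */`. The function's signature and opening lines lie outside the hunk.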