From: Mukund Sivaraman Date: Fri, 14 Aug 2015 07:55:52 +0000 (+0530) Subject: Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) X-Git-Tag: v9.9.8rc1~43 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0ada9e238a926e1b782d480da5de3ea5618bb574;p=thirdparty%2Fbind9.git Fix assertion failure in parsing UNSPEC(103) RR from text (#40274) (cherry picked from commit 984d2bb9e5aaca7c946bc78354c12b1dd75ed00a) (cherry picked from commit 9a88ab054be3aaa5f583b906741410a8fa17cf90) --- diff --git a/CHANGES b/CHANGES index 2ded011f204..4daeb043db2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4178. [bug] Fix assertion failure in parsing UNSPEC(103) RR from + text. [RT #40274] + 4177. [bug] Fix assertion failure in parsing NSAP records from text. [RT #40285] diff --git a/bin/tests/system/checkzone/zones/bad-unspec.db b/bin/tests/system/checkzone/zones/bad-unspec.db new file mode 100644 index 00000000000..50f48d6d247 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-unspec.db @@ -0,0 +1,19 @@ +; Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +example IN TYPE103 ^# 1 00 diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index 4ffabf1380d..7fcc5ebe49b 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -1749,8 +1749,12 @@ atob_tobuffer(isc_lex_t *lexer, isc_buffer_t *target) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if ((token.value.as_ulong % 4) != 0U) - isc_buffer_subtract(target, 4 - (token.value.as_ulong % 4)); + if ((token.value.as_ulong % 4) != 0U) { + unsigned long padding = 4 - (token.value.as_ulong % 4); + if (isc_buffer_usedlength(target) < padding) + return (DNS_R_SYNTAX); + isc_buffer_subtract(target, padding); + } /* * Checksum.