From: Evan Hunt Date: Wed, 12 Aug 2015 03:01:44 +0000 (-0700) Subject: [master] fix length check in OPENPGPKEY X-Git-Tag: v9.11.0a1~599 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c707e2b9861dfa3f86b3520b9c3630db70cb020c;p=thirdparty%2Fbind9.git [master] fix length check in OPENPGPKEY 4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. [RT #40286] --- diff --git a/CHANGES b/CHANGES index 0febf12fd45..b182db0706d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4170. [security] An incorrect boundary check in the OPENPGPKEY + rdatatype could trigger an assertion failure. + [RT #40286] + 4169. [test] Added a 'wire_test -d' option to read input as raw binary data, for use as a fuzzing harness. [RT #40312] diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 1f6ca5b8576..7d7a62080e8 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -38,6 +38,12 @@ Security Fixes + + + An incorrect boundary check in the OPENPGPKEY rdatatype + could trigger an assertion failure. [RT #40286] + + A buffer accounting error could trigger an assertion failure diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index a91667d1c55..034a5f22459 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -1268,7 +1268,7 @@ txt_fromwire(isc_buffer_t *source, isc_buffer_t *target) { isc_buffer_activeregion(source, &sregion); if (sregion.length == 0) - return(ISC_R_UNEXPECTEDEND); + return (ISC_R_UNEXPECTEDEND); n = *sregion.base + 1; if (n > sregion.length) return (ISC_R_UNEXPECTEDEND); diff --git a/lib/dns/rdata/generic/openpgpkey_61.c b/lib/dns/rdata/generic/openpgpkey_61.c index 684f37b6f7c..99342a250fd 100644 --- a/lib/dns/rdata/generic/openpgpkey_61.c +++ b/lib/dns/rdata/generic/openpgpkey_61.c @@ -81,6 +81,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) { * Keyring. */ isc_buffer_activeregion(source, &sr); + if (sr.length < 1) + return (ISC_R_UNEXPECTEDEND); isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); }