From 58efb2f740e920fcc4bef654b0492955c1dbe9c5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:37:10 +1100
Subject: [PATCH 1/3] Address infinite loop when processing $GENERATE

In nibble mode if the value to be converted was negative the parser
would loop forever.  Process the value as an unsigned int instead
of as an int to prevent sign extension when shifting.

This was found by Eric Sesterhenn from X41.

(cherry picked from commit 371824f0789d6e491216f266bf62955a73b49858)
---
 lib/dns/master.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/dns/master.c b/lib/dns/master.c
index c785022721..eab1d00364 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -626,7 +626,8 @@ static const char *hex = "0123456789abcdef0123456789ABCDEF";
  * counting the terminating NUL.
  */
 static unsigned int
-nibbles(char *numbuf, size_t length, unsigned int width, char mode, int value) {
+nibbles(char *numbuf, size_t length, unsigned int width, char mode,
+	unsigned int value) {
 	unsigned int count = 0;
 
 	/*

From c8166d67f6e5f2b31945e5b320222cc681cb5fb8 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:42:13 +1100
Subject: [PATCH 2/3] Test $GENERATE in nibble mode with a negative value

Negative values used to cause $GENERATE to loop forever.

(cherry picked from commit 32535de856db26e70b657ccf17a22c4e891672e6)
---
 bin/tests/system/checkzone/zones/good-generate-modifier.db | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/tests/system/checkzone/zones/good-generate-modifier.db b/bin/tests/system/checkzone/zones/good-generate-modifier.db
index 3c811d60e0..be4be18dc2 100644
--- a/bin/tests/system/checkzone/zones/good-generate-modifier.db
+++ b/bin/tests/system/checkzone/zones/good-generate-modifier.db
@@ -18,3 +18,4 @@ $GENERATE 0-7   host$	A 1.2.3.${1,0,d}
 $GENERATE 8-9   host$	A 1.2.3.${1,0}
 $GENERATE 10-11 host$	A 1.2.3.${1}
 $GENERATE 1024-1026 ${0,3,n}	AAAA 2001:db8::${0,4,x}
+$GENERATE 1024-1026 ${-2000,0,n}	AAAA 2001:db8::${0,4,x}

From 71cb3d4bc4f87ba4c3b49b8624408128e536ce90 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:45:55 +1100
Subject: [PATCH 3/3] Add CHANGES note for [GL #4353]

(cherry picked from commit f154187fd05dcc255d6fc0af3c9b3d0c686f1d36)
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index be5a479ac8..09ff3a5bc1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6383.	[bug]		Address an infinite loop in $GENERATE when a negative
+			value was converted in nibble mode. [GL #4353]
+
 6382.	[bug]		Fix RPZ response's SOA record TTL, which was incorrectly
 			set to 1 if 'add-soa' is used. [GL #3323]