upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-27 12:13:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Prevent overflow of bufsize

Browse source 
If bufsize overflows we will have an infinite loop.  In practice
this will not happen unless we have made a coding error.  Add an
INSIST to detect this condition.

    181retry:
    182        isc_buffer_allocate(mctx, &b, bufsize);
    183        result = dns_rdata_totext(rdata, NULL, b);
    184        if (result == ISC_R_NOSPACE) {
    185                isc_buffer_free(&b);

    CID 498031: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
    overflow_const: Expression bufsize, which is equal to 0, overflows
    the type that receives it, an unsigned integer 32 bits wide.
    186                bufsize *= 2;
    187                goto retry;
    188        }

(cherry picked from commit 20ac13fb23)
This commit is contained in:
Mark Andrews 2024-07-09 11:55:46 +10:00
parent 02cb4823db
commit 0dbda6661d
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
bin/dig/host.c
View file

@ -185,6 +185,7 @@ retry:
result = dns_rdata_totext(rdata, NULL, b);
if (result == ISC_R_NOSPACE) {
isc_buffer_free(&b);
INSIST(bufsize <= (UINT_MAX / 2));
bufsize *= 2;
goto retry;
}