From 0dbda6661dcc45d203906b4d960b0977bcec4051 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 9 Jul 2024 11:55:46 +1000
Subject: [PATCH] Prevent overflow of bufsize
If bufsize overflows we will have an infinite loop. In practice this will not happen unless we have made a coding error. Add an INSIST to detect this condition. 181retry: 182 isc_buffer_allocate(mctx, &b, bufsize); 183 result = dns_rdata_totext(rdata, NULL, b); 184 if (result == ISC_R_NOSPACE) { 185 isc_buffer_free(&b); CID 498031: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW) overflow_const: Expression bufsize, which is equal to 0, overflows the type that receives it, an unsigned integer 32 bits wide. 186 bufsize *= 2; 187 goto retry; 188 }
(cherry picked from commit 20ac13fb234f9bca37fe8b86910df805779a7621)
---
 bin/dig/host.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 011587a5a6..57c1fb492d 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -185,6 +185,7 @@ retry:
 result = dns_rdata_totext(rdata, NULL, b);
 if (result == ISC_R_NOSPACE) {
 isc_buffer_free(&b);
+ INSIST(bufsize <= (UINT_MAX / 2));
 bufsize *= 2;
 goto retry;
 }
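Review bot: The added `INSIST(bufsize <= (UINT_MAX / 2));` guards only the arithmetic wrap, so the retry loop can still request buffers of up to about 2 GiB before the assertion fires. If dns_rdata_totext() kept returning ISC_R_NOSPACE, allocation pressure would probably be the first visible symptom rather than the assertion. A short comment above the check would record the intent, for example `/* Fail-stop: bufsize must not wrap, or the retry loop never terminates. */`, and if a realistic ceiling for rendered rdata text is known, asserting against that would stop the loop much earlier. The check also depends on `UINT_MAX` from `<limits.h>` and on bufsize being an `unsigned int`; neither the include nor the declaration is visible here, so both are worth confirming. The enclosing function starts and ends outside the hunk.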