From 371824f0789d6e491216f266bf62955a73b49858 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:37:10 +1100
Subject: [PATCH 1/3] Address infinite loop when processing $GENERATE

In nibble mode if the value to be converted was negative the parser
would loop forever.  Process the value as an unsigned int instead
of as an int to prevent sign extension when shifting.

This was found by Eric Sesterhenn from X41.
---
 lib/dns/master.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/dns/master.c b/lib/dns/master.c
index a9e7960d96..9f7258b3b3 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -581,7 +581,8 @@ static const char *hex = "0123456789abcdef0123456789ABCDEF";
  * counting the terminating NUL.
  */
 static unsigned int
-nibbles(char *numbuf, size_t length, unsigned int width, char mode, int value) {
+nibbles(char *numbuf, size_t length, unsigned int width, char mode,
+	unsigned int value) {
 	unsigned int count = 0;
 
 	/*

From 32535de856db26e70b657ccf17a22c4e891672e6 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:42:13 +1100
Subject: [PATCH 2/3] Test $GENERATE in nibble mode with a negative value

Negative values used to cause $GENERATE to loop forever.
---
 bin/tests/system/checkzone/zones/good-generate-modifier.db | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/tests/system/checkzone/zones/good-generate-modifier.db b/bin/tests/system/checkzone/zones/good-generate-modifier.db
index 3c811d60e0..be4be18dc2 100644
--- a/bin/tests/system/checkzone/zones/good-generate-modifier.db
+++ b/bin/tests/system/checkzone/zones/good-generate-modifier.db
@@ -18,3 +18,4 @@ $GENERATE 0-7   host$	A 1.2.3.${1,0,d}
 $GENERATE 8-9   host$	A 1.2.3.${1,0}
 $GENERATE 10-11 host$	A 1.2.3.${1}
 $GENERATE 1024-1026 ${0,3,n}	AAAA 2001:db8::${0,4,x}
+$GENERATE 1024-1026 ${-2000,0,n}	AAAA 2001:db8::${0,4,x}

From f154187fd05dcc255d6fc0af3c9b3d0c686f1d36 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 19 Jan 2024 12:45:55 +1100
Subject: [PATCH 3/3] Add CHANGES note for [GL #4353]

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 0045fc0373..d52d077f45 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6383.	[bug]		Address an infinite loop in $GENERATE when a negative
+			value was converted in nibble mode. [GL #4353]
+
 6382.	[bug]		Fix RPZ response's SOA record TTL, which was incorrectly
 			set to 1 if 'add-soa' is used. [GL #3323]