Merge branch '3549-isc-resource-ub' into 'main'

Avoid signed integer overflow in isc_resource_setlimit() Closes #3549 See merge request isc-projects/bind9!6788
2026-05-28 04:34:54 -04:00 · 2022-10-03 11:38:20 +00:00 · 2022-10-03 11:38:20 +00:00 · 34605e9772
commit 34605e9772
parent 1279d2dee9 4e37a6f77a
1 changed files with 8 additions and 18 deletions
--- a/lib/isc/resource.c
+++ b/lib/isc/resource.c
@ -107,26 +107,16 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) {
 		rlim_value = RLIM_INFINITY;
 	} else {
 		/*
-		 * isc_resourcevalue_t was chosen as an unsigned 64 bit
-		 * integer so that it could contain the maximum range of
-		 * reasonable values.  Unfortunately, this exceeds the typical
-		 * range on Unix systems.  Ensure the range of
-		 * rlim_t is not overflowed.
+		 * Carefully ensure the range of rlim_t is not overflowed, by
+		 * calculating how many bytes wider is isc_resourcevalue_t than
+		 * rlim_t, and whether rlim_t has a sign bit.
 		 */
-		isc_resourcevalue_t rlim_max;
-		bool rlim_t_is_signed = (((double)(rlim_t)-1) < 0);
+		isc_resourcevalue_t rlim_max = UINT64_MAX;
+		size_t wider = sizeof(rlim_max) - sizeof(rlim_t);
+		bool sign_bit = (double)(rlim_t)-1 < 0;

-		if (rlim_t_is_signed) {
-			rlim_max = ~((rlim_t)1 << (sizeof(rlim_t) * 8 - 1));
-		} else {
-			rlim_max = (rlim_t)-1;
-		}
-
-		if (value > rlim_max) {
-			value = rlim_max;
-		}
-
-		rlim_value = value;
+		rlim_max >>= CHAR_BIT * wider + (sign_bit ? 1 : 0);
+		rlim_value = ISC_MIN(value, rlim_max);
 	}

 	rl.rlim_cur = rl.rlim_max = rlim_value;