From 4c356d277002d3e2f60fe43aaa85a4d524d933f8 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Mon, 28 Feb 2022 11:47:56 +1100
Subject: [PATCH] Grow the lex token buffer in one more place when parsing key pairs, if the '=' character fell at max_token a protective INSIST preventing buffer overrun could be triggered. Attempt to grow the buffer immediately before the INSIST. Also removed an unnecessary INSIST on the opening double quote of key buffer pair.
---
 lib/isc/lex.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
index 6948041070..6373a98393 100644
--- a/lib/isc/lex.c
+++ b/lib/isc/lex.c
@@ -674,6 +674,13 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 case lexstate_string:
 if (!escaped && c == '=' &&
 (options & ISC_LEXOPT_VPAIR) != 0) {
+ if (remaining == 0U) {
+ result = grow_data(lex, &remaining,
+ &curr, &prev);
+ if (result != ISC_R_SUCCESS) {
+ goto done;
+ }
+ }
 INSIST(remaining > 0U);
 *curr++ = c;
 *curr = '\0';
@@ -686,7 +693,6 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 if (state == lexstate_vpairstart) {
 if (c == '"' &&
 (options & ISC_LEXOPT_QVPAIR) != 0) {
- INSIST(remaining > 0U);
 no_comments = true;
 state = lexstate_qvpair;
 break;
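Review bot: No regression test accompanies the fix in the `lexstate_string` branch: the diffstat touches only lib/isc/lex.c, so nothing pins the boundary case where the `=` of an ISC_LEXOPT_VPAIR token arrives with `remaining == 0U`. The old failure was an assertion abort driven purely by token length, so a test that lexes a key of exactly that length and expects a normal token or a clean error return would keep it from coming back. The INSIST kept after the new grow is now only an invariant check, which is worth saying in place, e.g. `/* invariant: grow_data() succeeded, so at least one byte is free for c */`. That assumes grow_data always leaves `remaining > 0U` on success and that the buffer keeps a spare byte for the `'\0'` written after `*curr++ = c`; neither is visible in this hunk. The body of isc_lex_gettoken starts and ends outside the hunk, so whether the other write sites carry the same guard cannot be checked from here.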