From 5abdee9004f118b2c1301229418f93de7626e66f Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 4 Mar 2022 09:37:39 +1100 Subject: [PATCH] Prevent arithmetic overflow of 'i' in master.c:generate the value of 'i' in generate could overflow when adding 'step' to it in the 'for' loop. Use an unsigned int for 'i' which will give an additional bit and prevent the overflow. The inputs are both less than 2^31 and and the result will be less than 2^32-1. --- lib/dns/master.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/dns/master.c b/lib/dns/master.c index 4f0dce775f..7399729161 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -790,7 +790,8 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs, isc_buffer_t target; isc_result_t result; isc_textregion_t r; - int i, n, start, stop, step = 0; + int n, start, stop, step = 0; + unsigned int i; dns_incctx_t *ictx; char dummy[2]; @@ -845,7 +846,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs, goto insist_cleanup; } - for (i = start; i <= stop; i += step) { + for (i = start; i <= (unsigned int)stop; i += step) { result = genname(lhs, i, lhsbuf, DNS_MASTER_LHS); if (result != ISC_R_SUCCESS) { goto error_cleanup;