From 6440743bdc07ca222f2bcfff3790da8f885800a6 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 25 Aug 2025 10:32:36 +1000 Subject: [PATCH] RPZ canonical warning displays zone entry incorrectly Do not insert a NUL into ip_str too early as the full value is needed later. Only insert the NUL immediately before displaying just the prefix string. (cherry picked from commit 283da99f02d8b58c56efee988f39db3dc18426f1) --- lib/dns/rpz.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c index 15e93534ee..0d61fdf364 100644 --- a/lib/dns/rpz.c +++ b/lib/dns/rpz.c @@ -868,7 +868,7 @@ name2ipkey(int log_level, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, dns_fixedname_t ip_name2f; dns_name_t ip_name; const char *prefix_str = NULL, *cp = NULL, *end = NULL; - char *cp2; + char *prefix_end, *cp2; int ip_labels; dns_rpz_prefix_t prefix; unsigned long prefix_num, l; @@ -906,12 +906,9 @@ name2ipkey(int log_level, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, ""); return ISC_R_FAILURE; } - /* - * Patch in trailing nul character to print just the length - * label (for various cases below). - */ - *cp2 = '\0'; + prefix_end = cp2; if (prefix_num < 1U || prefix_num > 128U) { + *prefix_end = '\0'; badname(log_level, src_name, "; invalid prefix length of ", prefix_str); return ISC_R_FAILURE; @@ -924,6 +921,7 @@ name2ipkey(int log_level, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, * from the form "prefix.z.y.x.w" */ if (prefix_num > 32U) { + *prefix_end = '\0'; badname(log_level, src_name, "; invalid IPv4 prefix length of ", prefix_str); return ISC_R_FAILURE; @@ -1002,6 +1000,7 @@ name2ipkey(int log_level, dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, i = prefix % DNS_RPZ_CIDR_WORD_BITS; aword = tgt_ip->w[prefix / DNS_RPZ_CIDR_WORD_BITS]; if ((aword & ~DNS_RPZ_WORD_MASK(i)) != 0) { + *prefix_end = '\0'; badname(log_level, src_name, "; too small prefix length of ", prefix_str); return ISC_R_FAILURE;