upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 06:49:58 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.20] fix: nil: silence tainted scalar in client.c

Browse source 
Coverity detected that 'optlen' was not being checked in 'process_opt'.  
This is actually already done when the OPT record was initially  
parsed.  Add an INSIST to silence Coverity as is done in message.c.

Closes #5330

Backport of MR !10500

Merge branch 'backport-5330-tainted-scalar-in-client-c-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10505
This commit is contained in:
Mark Andrews 2025-05-29 08:01:23 +00:00
commit 6b6659e1e7
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/ns/client.c
View file

@ -1561,6 +1561,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
while (isc_buffer_remaininglength(&optbuf) >= 4) {
optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf);
INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
/*
* When returning BADVERSION, only process
* DNS_OPT_NSID or DNS_OPT_COOKIE options.