[CVE-2025-13878] sec: usr: Fix incorrect length checks for BRID and HHIT records

Malformed BRID and HHIT records could trigger an assertion failure. This has been fixed.

ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing
this vulnerability to our attention.

Closes isc-projects/bind9#5616

Merge branch '5616-confidential-brid-hhit-towire' into 'v9.21.17-release'

See merge request isc-private/bind9!876
Nicki Křížek 2026-01-08 12:32:38 +01:00
commit 7bf83f69a8
2 changed files with 2 additions and 2 deletions


@ -84,7 +84,7 @@ fromwire_brid(ARGS_FROMWIRE) {
static isc_result_t
towire_brid(ARGS_TOWIRE) {
REQUIRE(rdata->type == dns_rdatatype_brid);
REQUIRE(rdata->length >= 3);
REQUIRE(rdata->length > 0);
UNUSED(cctx);
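
Review bot: the new lower bound in towire_brid, `REQUIRE(rdata->length > 0);`, carries no comment or test tying it to what fromwire_brid actually accepts. REQUIRE is an assertion, so any rdata length the parser lets through but this precondition rejects still ends in an assertion failure; the fix holds only if the two bounds agree. Please add a one-line comment stating the minimum valid BRID rdata length and where it is enforced, plus a regression test that passes 1-octet and 2-octet BRID rdata through fromwire and then towire, so the old `>= 3` assumption cannot be reintroduced unnoticed.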


@ -84,7 +84,7 @@ fromwire_hhit(ARGS_FROMWIRE) {
static isc_result_t
towire_hhit(ARGS_TOWIRE) {
REQUIRE(rdata->type == dns_rdatatype_hhit);
REQUIRE(rdata->length >= 3);
REQUIRE(rdata->length > 0);
UNUSED(cctx);
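
Review bot: only the towire_hhit precondition changes here (`REQUIRE(rdata->length > 0);` in place of `>= 3`), and the commit totals one changed line per file, so any other HHIT method that asserts a minimum rdata length is left as it was. Please confirm that the remaining hhit functions, which are not visible in this hunk, do not keep a `>= 3` REQUIRE that short rdata can still reach, and cover HHIT with the same short-rdata regression test as BRID, since the two changes are identical and should not drift apart.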