From 746773525829c43c4c84e419e3499cd1a10b26ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 28 Mar 2018 20:57:20 +0200
Subject: [PATCH 1/2] Define PATH_MAX on Windows as _MAX_PATH, so we can use it
 everywhere

---
 lib/dns/view.c                          | 4 +++-
 lib/isc/win32/include/isc/platform.h.in | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/dns/view.c b/lib/dns/view.c
index f3f79f1679..b58dfdde73 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -13,8 +13,10 @@
 
 #include <config.h>
 
+#include <limits.h>
+
 #ifdef HAVE_LMDB
-#include <lmdb.h>
+ #include <lmdb.h>
 #endif
 
 #include <isc/file.h>
diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in
index 5ea3bfbe11..3da8f37c33 100644
--- a/lib/isc/win32/include/isc/platform.h.in
+++ b/lib/isc/win32/include/isc/platform.h.in
@@ -24,6 +24,10 @@
  *** Network.
  ***/
 
+#ifndef PATH_MAX
+#define PATH_MAX _MAX_PATH
+#endif
+
 #define ISC_PLATFORM_HAVEIPV6
 #if _MSC_VER > 1200
 #define ISC_PLATFORM_HAVEIN6PKTINFO

From 44b84cb5a697e8a10a59444032122b7a866b7b69 Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@isc.org>
Date: Wed, 28 Mar 2018 22:11:22 +0530
Subject: [PATCH 2/2] Fix TSIG dump keyfile name buffer size issues

---
 lib/dns/view.c | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/lib/dns/view.c b/lib/dns/view.c
index b58dfdde73..049d0fd59f 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -352,28 +352,28 @@ destroy(dns_view_t *view) {
 
 	if (view->dynamickeys != NULL) {
 		isc_result_t result;
-		char template[20];
-		char keyfile[20];
+		char template[PATH_MAX];
+		char keyfile[PATH_MAX];
 		FILE *fp = NULL;
-		int n;
 
-		n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
-			     view->name);
-		if (n > 0 && (size_t)n < sizeof(keyfile)) {
-			result = isc_file_mktemplate(keyfile, template,
-						     sizeof(template));
-			if (result == ISC_R_SUCCESS)
-				(void)isc_file_openuniqueprivate(template, &fp);
+		result = isc_file_mktemplate(NULL, template, sizeof(template));
+		if (result == ISC_R_SUCCESS) {
+			(void)isc_file_openuniqueprivate(template, &fp);
 		}
-		if (fp == NULL)
+		if (fp == NULL) {
 			dns_tsigkeyring_detach(&view->dynamickeys);
-		else {
-			result = dns_tsigkeyring_dumpanddetach(
-							&view->dynamickeys, fp);
+		} else {
+			result = dns_tsigkeyring_dumpanddetach
+				(&view->dynamickeys, fp);
 			if (result == ISC_R_SUCCESS) {
-				if (fclose(fp) == 0)
-					result = isc_file_rename(template,
-								 keyfile);
+				if (fclose(fp) == 0) {
+					result = isc_file_sanitize
+						(NULL, view->name, "tsigkeys",
+						 keyfile, sizeof(keyfile));
+					if (result == ISC_R_SUCCESS)
+						result = isc_file_rename
+							(template, keyfile);
+				}
 				if (result != ISC_R_SUCCESS)
 					(void)remove(template);
 			} else {
@@ -907,15 +907,15 @@ dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
 void
 dns_view_restorekeyring(dns_view_t *view) {
 	FILE *fp;
-	char keyfile[20];
-	int n;
+	char keyfile[PATH_MAX];
+	isc_result_t result;
 
 	REQUIRE(DNS_VIEW_VALID(view));
 
 	if (view->dynamickeys != NULL) {
-		n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
-			     view->name);
-		if (n > 0 && (size_t)n < sizeof(keyfile)) {
+		result = isc_file_sanitize(NULL, view->name, "tsigkeys",
+					   keyfile, sizeof(keyfile));
+		if (result == ISC_R_SUCCESS) {
 			fp = fopen(keyfile, "r");
 			if (fp != NULL) {
 				dns_keyring_restore(view->dynamickeys, fp);