upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-09 14:02:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check that buffer length in dns_message_renderbegin

Browse source 
The maximum DNS message size is 65535 octets. Check that the buffer
being passed to dns_message_renderbegin does not exceed this as the
compression code assumes that all offsets are no bigger than this.
This commit is contained in:
Mark Andrews 2023-11-16 11:15:49 +11:00
parent dc25df18f3
commit a069513234
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/dns/include/dns/message.h
View file

@ -600,7 +600,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx,
*
*\li 'cctx' be valid.
*
*\li 'buffer' is a valid buffer.
*\li 'buffer' is a valid buffer with length less than 65536.
*
* Side Effects:
*

1
lib/dns/message.c
View file

@ -1735,6 +1735,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx,
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(buffer != NULL);
REQUIRE(isc_buffer_length(buffer) < 65536);
REQUIRE(msg->buffer == NULL);
REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTRENDER);