Merge branch '2469-cid-281461-untrusted-loop-bound' into 'main'

Resolve "CID 281461: untrusted loop bound" Closes #2469 See merge request isc-projects/bind9!4642
2026-06-08 22:22:05 -04:00 · 2021-02-08 02:55:31 +00:00 · 2021-02-08 02:55:31 +00:00 · a415424339
commit a415424339
parent 64d5dad92a 2f946c831a
1 changed files with 5 additions and 3 deletions
--- a/lib/dns/rdata/generic/hip_55.c
+++ b/lib/dns/rdata/generic/hip_55.c
@ -194,6 +194,7 @@ fromwire_hip(ARGS_FROMWIRE) {
 	dns_name_t name;
 	uint8_t hit_len;
 	uint16_t key_len;
+	size_t len;

 	REQUIRE(type == dns_rdatatype_hip);

@ -216,12 +217,13 @@ fromwire_hip(ARGS_FROMWIRE) {
 		RETERR(DNS_R_FORMERR);
 	}
 	isc_region_consume(&region, 2);
-	if (region.length < (unsigned)(hit_len + key_len)) {
+	len = hit_len + key_len;
+	if (len > region.length) {
 		RETERR(DNS_R_FORMERR);
 	}

-	RETERR(mem_tobuffer(target, rr.base, 4 + hit_len + key_len));
-	isc_buffer_forward(source, 4 + hit_len + key_len);
+	RETERR(mem_tobuffer(target, rr.base, 4 + len));
+	isc_buffer_forward(source, 4 + len);

 	dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
 	while (isc_buffer_activelength(source) > 0) {