4582. [security] 'rndc ""' could trigger a assertion failure in named.

(CVE-2017-3138) [RT #44924] (cherry picked from commit 8e8dfc5941)
2026-06-13 21:59:59 -04:00 · 2017-03-25 02:00:17 +11:00 · 2017-03-25 02:00:17 +11:00 · a636604b20
commit a636604b20
parent b51818af06
4 changed files with 14 additions and 4 deletions
--- a/3
+++ b/3
@ -1,5 +1,8 @@
 	--- 9.10.5rc3 released ---

+4582.	[security]	'rndc ""' could trigger a assertion failure in named.
+			(CVE-2017-3138) [RT #44924]
+
 4581.	[port]		Linux: Add getpid and getrandom to the list of system
 			calls named uses for seccomp. [RT #44883]

--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@ -434,5 +434,13 @@ grep "received control channel command 'null with extra arguments'" ns2/named.ru
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+n=`expr $n + 1`
+echo "I:check 'rndc \"\"' is handled ($n)"
+ret=0
+$RNDCCMD "" > rndc.out.test$n 2>&1 && ret=1
+grep "rndc: '' failed: failure" rndc.out.test$n > /dev/null
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/lib/isc/include/isc/lex.h
+++ b/lib/isc/include/isc/lex.h
@ -152,8 +152,6 @@ isc_lex_create(isc_mem_t *mctx, size_t max_token, isc_lex_t **lexp);
 * Requires:
 *\li	'*lexp' is a valid lexer.
 *
- *\li	max_token > 0.
- *
 * Ensures:
 *\li	On success, *lexp is attached to the newly created lexer.
 *
--- a/lib/isc/lex.c
+++ b/lib/isc/lex.c
@ -94,9 +94,10 @@ isc_lex_create(isc_mem_t *mctx, size_t max_token, isc_lex_t **lexp) {
 	/*
 	 * Create a lexer.
 	 */
-
 	REQUIRE(lexp != NULL && *lexp == NULL);
-	REQUIRE(max_token > 0U);
+
+	if (max_token == 0U)
+		max_token = 1;

 	lex = isc_mem_get(mctx, sizeof(*lex));
 	if (lex == NULL)