2706. [bug] Loading a zone with a very large NSEC3 salt could

trigger an assert. [RT #20368]
Evan Hunt 2009-10-06 21:20:18 +00:00
parent b42ba4cace
commit a9775fe88d
4 changed files with 14 additions and 10 deletions


@ -1,3 +1,6 @@
2706. [bug] Loading a zone with a very large NSEC3 salt could
trigger an assert. [RT #20368]
2705. [bug] Reconcile the XML stats version number with a later
BIND9 release, by adding a "name" attribute to
"cache" elements and increasing the version number


@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsec3hash.c,v 1.4 2008/09/26 01:31:19 marka Exp $ */
/* $Id: nsec3hash.c,v 1.4.48.1 2009/10/06 21:20:18 each Exp $ */
#include <config.h>
@ -32,6 +32,7 @@
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/nsec3.h>
#include <dns/types.h>
const char *program = "nsec3hash";
@ -67,7 +68,7 @@ main(int argc, char **argv) {
isc_region_t region;
isc_result_t result;
unsigned char hash[NSEC3_MAX_HASH_LENGTH];
unsigned char salt[255];
unsigned char salt[DNS_NSEC3_SALTSIZE];
unsigned char text[1024];
unsigned int hash_alg;
unsigned int length;
@ -85,7 +86,7 @@ main(int argc, char **argv) {
result = isc_hex_decodestring(argv[1], &buffer);
check_result(result, "isc_hex_decodestring(salt)");
salt_length = isc_buffer_usedlength(&buffer);
if (salt_length > 255U)
if (salt_length > DNS_NSEC3_SALTSIZE)
fatal("salt too long");
}
hash_alg = atoi(argv[2]);
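Review bot: The `salt_length > DNS_NSEC3_SALTSIZE` test runs only after `isc_hex_decodestring` has already written into `buffer`, so it is not what stops an over-long hex argument from overrunning `salt`. That protection depends on how `buffer` was initialised, which is outside this hunk (presumably over `sizeof(salt)`, worth confirming). If so, a comment above the test would make the division of labour explicit: `/* The decode is bounded by the buffer size; this check enforces the NSEC3 salt limit. */`. The body of `main` continues outside the hunk.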


@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsec3.h,v 1.5.48.2 2009/01/18 23:47:41 tbox Exp $ */
/* $Id: nsec3.h,v 1.5.48.3 2009/10/06 21:20:18 each Exp $ */
#ifndef DNS_NSEC3_H
#define DNS_NSEC3_H 1
@ -28,6 +28,8 @@
#include <dns/rdatastruct.h>
#include <dns/types.h>
#define DNS_NSEC3_SALTSIZE 255
/*
* hash = 1, flags =1, iterations = 2, salt length = 1, salt = 255 (max)
* hash length = 1, hash = 255 (max), bitmap = 8192 + 512 (max)
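Review bot: `DNS_NSEC3_SALTSIZE` is introduced without a comment, although two salt buffers and a bounds check elsewhere in this commit now depend on it. I would put `/* Maximum NSEC3 salt length in octets; the salt length field is a single octet. */` directly above the define. That keeps it consistent with the existing "salt length = 1, salt = 255 (max)" comment that follows it.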


@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.270.12.9 2009/10/03 23:47:29 tbox Exp $ */
/* $Id: rbtdb.c,v 1.270.12.10 2009/10/06 21:20:18 each Exp $ */
/*! \file */
@ -383,7 +383,7 @@ typedef struct rbtdb_version {
isc_uint8_t flags;
isc_uint16_t iterations;
isc_uint8_t salt_length;
unsigned char salt[NSEC3_MAX_HASH_LENGTH];
unsigned char salt[DNS_NSEC3_SALTSIZE];
} rbtdb_version_t;
typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t;
@ -2064,8 +2064,6 @@ setnsec3parameters(dns_db_t *db, rbtdb_version_t *version,
continue;
#endif
INSIST(nsec3param.salt_length <=
sizeof(version->salt));
memcpy(version->salt, nsec3param.salt,
nsec3param.salt_length);
version->hash = nsec3param.hash;
@ -6635,8 +6633,8 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash,
if (rbtversion->havensec3) {
if (hash != NULL)
*hash = rbtversion->hash;
if (salt != NULL && salt_length != 0) {
REQUIRE(*salt_length > rbtversion->salt_length);
if (salt != NULL && salt_length != NULL) {
REQUIRE(*salt_length >= rbtversion->salt_length);
memcpy(salt, rbtversion->salt, rbtversion->salt_length);
}
if (salt_length != NULL)
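Review bot: In `setnsec3parameters` the `memcpy(version->salt, nsec3param.salt, nsec3param.salt_length)` appears to be left with no length check once the two `INSIST` lines go (the hunk shrinks from 8 to 6 lines). Its safety then rests on an unstated invariant: the array is `DNS_NSEC3_SALTSIZE` bytes and the length is a one-octet field. `rbtdb_version_t` declares its own `salt_length` as `isc_uint8_t`, but the type of `nsec3param.salt_length` is declared outside this page and should be confirmed. I would state the invariant above the copy, for example `/* salt_length is one octet, so it cannot exceed sizeof(version->salt). */`, or keep the `INSIST`, which is cheap and can no longer fire for a valid salt. Both function bodies continue outside their hunks.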