upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Tighten DBC restrictions on message sections

Browse source 
dns_message_findname and dns_message_sectiontotext incorrectly accepted
DNS_SECTION_ANY.  If DNS_SECTION_ANY was passed the section array could
be incorrectly accessed at (-1).

dns_message_pseudosectiontotext and dns_message_pseudosectiontoyaml
incorrectly accepted DNS_PSEUDOSECTION_ANY.  These functions are
designed to process a single section.
This commit is contained in:
Mark Andrews 2022-02-14 16:13:46 +11:00
parent 3358f712c9
commit d4892f7cdc
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/dns/include/dns/message.h
View file

@ -434,7 +434,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
*
*\li 'target' is a valid buffer.
*
*\li 'section' is a valid section label.
*\li 'section' is a named section label.
*
* Ensures:
*
@ -806,7 +806,7 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
* Requires:
*\li 'msg' be valid.
*
*\li 'section' be a valid section.
*\li 'section' be a named section.
*
*\li If a pointer to the name is desired, 'foundname' should be non-NULL.
* If it is non-NULL, '*foundname' MUST be NULL.

10
lib/dns/message.c
View file

@ -97,6 +97,8 @@ hexdump(const char *msg, const char *msg2, void *base, size_t len) {
} else \
isc_buffer_putstr(b, s); \
}
#define VALID_NAMED_PSEUDOSECTION(s) \
(((s) > DNS_PSEUDOSECTION_ANY) && ((s) < DNS_PSEUDOSECTION_MAX))
#define VALID_PSEUDOSECTION(s) \
(((s) >= DNS_PSEUDOSECTION_ANY) && ((s) < DNS_PSEUDOSECTION_MAX))
@ -2452,7 +2454,7 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
* to be filled in, that we can in fact fill it in.
*/
REQUIRE(msg != NULL);
REQUIRE(VALID_SECTION(section));
REQUIRE(VALID_NAMED_SECTION(section));
REQUIRE(target != NULL);
REQUIRE(name == NULL || *name == NULL);
@ -3302,7 +3304,7 @@ dns_message_sectiontotext(dns_message_t *msg, dns_section_t section,
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(target != NULL);
REQUIRE(VALID_SECTION(section));
REQUIRE(VALID_NAMED_SECTION(section));
saved_count = msg->indent.count;
@ -3518,7 +3520,7 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(target != NULL);
REQUIRE(VALID_PSEUDOSECTION(section));
REQUIRE(VALID_NAMED_PSEUDOSECTION(section));
saved_count = msg->indent.count;
@ -3882,7 +3884,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(target != NULL);
REQUIRE(VALID_PSEUDOSECTION(section));
REQUIRE(VALID_NAMED_PSEUDOSECTION(section));
if ((dns_master_styleflags(style) & DNS_STYLEFLAG_YAML) != 0) {
return (dns_message_pseudosectiontoyaml(msg, section, style,