Add a maximum length for isc_url_parse() input buffer

The isc_url_parse() function failed to check the input buffer's
length and assumed that it can't be bigger than UINT16_MAX, because
both the 'off' and 'len' fields of the 'isc_url_parser_t' structure
are uint16_t.

Add a check to not accept a buffer longer than UINT16_MAX.

(cherry picked from commit b878f82409)
This commit is contained in:
Aram Sargsyan 2026-06-16 11:08:14 +00:00 committed by Arаm Sаrgsyаn (GitLab job 7748504)
parent c3733e12f9
commit fe24f3249b

View file

@ -549,8 +549,8 @@ isc_url_parse(const char *buf, size_t buflen, bool is_connect,
int found_at = 0;
const char *p = NULL;
if (buflen == 0) {
return ISC_R_FAILURE;
if (buflen == 0 || buflen > UINT16_MAX) {
return ISC_R_RANGE;
}
up->port = up->field_set = 0;