From fe24f3249b41decd6195f8e1c7421237f46a7f35 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Tue, 16 Jun 2026 11:08:14 +0000 Subject: [PATCH] Add a maximum length for isc_url_parse() input buffer The isc_url_parse() function failed to check the input buffer's length and assumed that it can't be bigger than UINT16_MAX, because both the 'off' and 'len' fields of the 'isc_url_parser_t' structure are uint16_t. Add a check to not accept a buffer longer than UINT16_MAX. (cherry picked from commit b878f82409468842acf56c496025cee19b66a2bc) --- lib/isc/url.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/isc/url.c b/lib/isc/url.c index 6ba4cb4991..e6a3b830ee 100644 --- a/lib/isc/url.c +++ b/lib/isc/url.c @@ -549,8 +549,8 @@ isc_url_parse(const char *buf, size_t buflen, bool is_connect, int found_at = 0; const char *p = NULL; - if (buflen == 0) { - return ISC_R_FAILURE; + if (buflen == 0 || buflen > UINT16_MAX) { + return ISC_R_RANGE; } up->port = up->field_set = 0;