1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
https://gitlab.isc.org/isc-projects/bind9/-/commit/b6670787d25743ddf39dfe8e615828efc928f50d
https://gitlab.isc.org/isc-projects/bind9/-/issues/3351
https://bugs.gentoo.org/847295
From: Evan Hunt <each@isc.org>
Date: Fri, 13 May 2022 19:59:58 -0700
Subject: [PATCH] prevent a possible buffer overflow in configuration check
corrected code that could have allowed a buffer overfow while
parsing named.conf.
(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -2500,8 +2500,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
} else if (dns_name_isula(zname)) {
ula = true;
}
- tmp += strlen(tmp);
len -= strlen(tmp);
+ tmp += strlen(tmp);
(void)snprintf(tmp, len, "%u/%s", zclass,
(ztype == CFG_ZONE_INVIEW) ? target
: (viewname != NULL) ? viewname
@@ -3247,8 +3247,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
char *tmp = keydirbuf;
size_t len = sizeof(keydirbuf);
dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
- tmp += strlen(tmp);
len -= strlen(tmp);
+ tmp += strlen(tmp);
(void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
tresult = keydirexist(zconfig, (const char *)keydirbuf,
kaspname, keydirs, logctx, mctx);
GitLab
|
