mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

2147. [bug] libbind: remove potential buffer overflow from

Browse Source 
hmac_link.c. [RT #16437]
This commit is contained in:
Mark Andrews
2007-02-26 01:51:43 +00:00
parent 340a05967a
commit 0deee29113
2 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
2147. [bug] libbind: remove potential buffer overflow from
hmac_link.c. [RT #16437]
2146. [cleanup] Silence Linux's spurious "obsolete setsockopt 2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
SO_BSDCOMPAT" message. [RT #16641] SO_BSDCOMPAT" message. [RT #16641]

22
lib/bind/dst/hmac_link.c
View File

@@ -1,6 +1,6 @@
#ifdef HMAC_MD5 #ifdef HMAC_MD5
#ifndef LINT #ifndef LINT
static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.6 2006/03/09 23:57:56 marka Exp $"; static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.7 2007/02/26 01:51:43 marka Exp $";
#endif #endif
/* /*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
@@ -276,13 +276,18 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
const int buff_len) const int buff_len)
{ {
char *bp; char *bp;
int len, b_len, i, key_len; int len, i, key_len;
u_char key[HMAC_LEN]; u_char key[HMAC_LEN];
HMAC_Key *hkey; HMAC_Key *hkey;
if (dkey == NULL || dkey->dk_KEY_struct == NULL) if (dkey == NULL || dkey->dk_KEY_struct == NULL)
return (0); return (0);
if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str)) /*
* Using snprintf() would be so much simpler here.
*/
if (buff == NULL ||
buff_len <= (int)(strlen(key_file_fmt_str) +
strlen(KEY_FILE_FORMAT) + 4))
return (-1); /*%< no OR not enough space in output area */ return (-1); /*%< no OR not enough space in output area */
hkey = (HMAC_Key *) dkey->dk_KEY_struct; hkey = (HMAC_Key *) dkey->dk_KEY_struct;
memset(buff, 0, buff_len); /*%< just in case */ memset(buff, 0, buff_len); /*%< just in case */
@@ -290,7 +295,6 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC"); sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
bp = buff + strlen(buff); bp = buff + strlen(buff);
b_len = buff_len - (bp - buff);
memset(key, 0, HMAC_LEN); memset(key, 0, HMAC_LEN);
for (i = 0; i < HMAC_LEN; i++) for (i = 0; i < HMAC_LEN; i++)
@@ -300,19 +304,21 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
break; break;
key_len = i + 1; key_len = i + 1;
if (buff_len - (bp - buff) < 6)
return (-1);
strcat(bp, "Key: "); strcat(bp, "Key: ");
bp += strlen("Key: "); bp += strlen("Key: ");
b_len = buff_len - (bp - buff);
len = b64_ntop(key, key_len, bp, b_len); len = b64_ntop(key, key_len, bp, buff_len - (bp - buff));
if (len < 0) if (len < 0)
return (-1); return (-1);
bp += len; bp += len;
if (buff_len - (bp - buff) < 2)
return (-1);
*(bp++) = '\n'; *(bp++) = '\n';
*bp = '\0'; *bp = '\0';
b_len = buff_len - (bp - buff);
return (buff_len - b_len); return (bp - buff);
} }