From 2ecac031ba280b2dd1eb712fcfa0df2e41b682a0 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 29 May 2025 09:42:08 +1000 Subject: [PATCH] Silence tainted scalar in client.c Coverity detected that 'optlen' was not being checked in 'process_opt'. This is actually already done when the OPT record was initially parsed. Add an INSIST to silence Coverity as is done in message.c. (cherry picked from commit 72cd6e85916e02fe7f51806eb25ee0c5a973398a) --- lib/ns/client.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ns/client.c b/lib/ns/client.c index 048a6c72b7..f2b9bbbfb1 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -1561,6 +1561,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { while (isc_buffer_remaininglength(&optbuf) >= 4) { optcode = isc_buffer_getuint16(&optbuf); optlen = isc_buffer_getuint16(&optbuf); + + INSIST(isc_buffer_remaininglength(&optbuf) >= optlen); + /* * When returning BADVERSION, only process * DNS_OPT_NSID or DNS_OPT_COOKIE options.