From 37dbd57c163049cea87d9984b1b413b923aed23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Thu, 25 Jul 2024 20:30:03 +0200
Subject: [PATCH] Fix the assertion failure when putting 48-bit number to
 buffer

When putting the 48-bit number into a fixed-size buffer that's exactly 6
bytes, the assertion failure would occur as the 48-bit number is
internally represented as 64-bit number and the code was checking if
there is enough space for `sizeof(val)`.  This causes assertion failure
when otherwise valid TSIG signature has a bad timing information.

Specify the size of the argument explicitly, so the 48-bit number
doesn't require 8-byte long buffer.
---
 lib/isc/include/isc/buffer.h | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/lib/isc/include/isc/buffer.h b/lib/isc/include/isc/buffer.h
index 8a2beac8f1..9c4a27d1d3 100644
--- a/lib/isc/include/isc/buffer.h
+++ b/lib/isc/include/isc/buffer.h
@@ -857,22 +857,21 @@ isc_buffer_getuint8(isc_buffer_t *restrict b) {
 	return (val);
 }
 
-#define ISC_BUFFER_PUT_RESERVE(b, v)                                           \
-	{                                                                      \
-		REQUIRE(ISC_BUFFER_VALID(b));                                  \
-                                                                               \
-		if (b->mctx) {                                                 \
-			isc_result_t result = isc_buffer_reserve(b,            \
-								 sizeof(val)); \
-			ENSURE(result == ISC_R_SUCCESS);                       \
-		}                                                              \
-                                                                               \
-		REQUIRE(isc_buffer_availablelength(b) >= sizeof(val));         \
+#define ISC_BUFFER_PUT_RESERVE(b, v, s)                                 \
+	{                                                               \
+		REQUIRE(ISC_BUFFER_VALID(b));                           \
+                                                                        \
+		if (b->mctx) {                                          \
+			isc_result_t result = isc_buffer_reserve(b, s); \
+			ENSURE(result == ISC_R_SUCCESS);                \
+		}                                                       \
+                                                                        \
+		REQUIRE(isc_buffer_availablelength(b) >= s);            \
 	}
 
 static inline void
 isc_buffer_putuint8(isc_buffer_t *restrict b, const uint8_t val) {
-	ISC_BUFFER_PUT_RESERVE(b, val);
+	ISC_BUFFER_PUT_RESERVE(b, val, sizeof(val));
 
 	uint8_t *cp = isc_buffer_used(b);
 	b->used += sizeof(val);
@@ -900,7 +899,7 @@ isc_buffer_getuint16(isc_buffer_t *restrict b) {
 
 static inline void
 isc_buffer_putuint16(isc_buffer_t *restrict b, const uint16_t val) {
-	ISC_BUFFER_PUT_RESERVE(b, val);
+	ISC_BUFFER_PUT_RESERVE(b, val, sizeof(val));
 
 	uint8_t *cp = isc_buffer_used(b);
 	b->used += sizeof(val);
@@ -928,7 +927,7 @@ isc_buffer_getuint32(isc_buffer_t *restrict b) {
 
 static inline void
 isc_buffer_putuint32(isc_buffer_t *restrict b, const uint32_t val) {
-	ISC_BUFFER_PUT_RESERVE(b, val);
+	ISC_BUFFER_PUT_RESERVE(b, val, sizeof(val));
 
 	uint8_t *cp = isc_buffer_used(b);
 	b->used += sizeof(val);
@@ -957,7 +956,7 @@ isc_buffer_getuint48(isc_buffer_t *restrict b) {
 
 static inline void
 isc_buffer_putuint48(isc_buffer_t *restrict b, const uint64_t val) {
-	ISC_BUFFER_PUT_RESERVE(b, val);
+	ISC_BUFFER_PUT_RESERVE(b, val, 6); /* 48-bits */
 
 	uint8_t *cp = isc_buffer_used(b);
 	b->used += 6;