mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

check chain length is nonzero before examining last entry

Browse Source 
It was possible to reach add_link() without visiting an
intermediate node first, and the check for a duplicate entry
could then cause a crash.

Credit to OSS-Fuzz for discovering this error.
This commit is contained in:
Evan Hunt
2023-10-11 11:03:00 -07:00
parent a87436d3d5
commit 3a206da456
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dns/qp.c
View File

@@ -1997,7 +1997,7 @@ dns_qp_getname(dns_qpreadable_t qpr, const dns_name_t *name, void **pval_r,
static inline void static inline void
add_link(dns_qpchain_t *chain, dns_qpnode_t *node, size_t offset) { add_link(dns_qpchain_t *chain, dns_qpnode_t *node, size_t offset) {
/* prevent duplication */ /* prevent duplication */
if (chain->chain[chain->len - 1].node == node) { if (chain->len != 0 && chain->chain[chain->len - 1].node == node) {
return; return;
} }
chain->chain[chain->len].node = node; chain->chain[chain->len].node = node;