mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Grow the lex token buffer in one more place

Browse Source 
when parsing key pairs, if the '=' character fell at max_token
a protective INSIST preventing buffer overrun could be triggered.
Attempt to grow the buffer immediately before the INSIST.

Also removed an unnecessary INSIST on the opening double quote
of key buffer pair.
This commit is contained in:
Mark Andrews
2022-02-28 11:47:56 +11:00
committed by Evan Hunt
parent ed3dd45da8
commit 4c356d2770
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/isc/lex.c
View File

@@ -674,6 +674,13 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
case lexstate_string:
if (!escaped && c == '=' &&
(options & ISC_LEXOPT_VPAIR) != 0) {
if (remaining == 0U) {
result = grow_data(lex, &remaining,
&curr, &prev);
if (result != ISC_R_SUCCESS) {
goto done;
}
}
INSIST(remaining > 0U);
*curr++ = c;
*curr = '\0';
@@ -686,7 +693,6 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
if (state == lexstate_vpairstart) {
if (c == '"' &&
(options & ISC_LEXOPT_QVPAIR) != 0) {
INSIST(remaining > 0U);
no_comments = true;
state = lexstate_qvpair;
break;