[9.20] fix: nil: silence tainted scalar in client.c

Coverity detected that 'optlen' was not being checked in 'process_opt'. This is actually already done when the OPT record was initially parsed. Add an INSIST to silence Coverity as is done in message.c. Closes #5330 Backport of MR !10500 Merge branch 'backport-5330-tainted-scalar-in-client-c-9.20' into 'bind-9.20' See merge request isc-projects/bind9!10505
2025-08-30 05:57:52 +00:00 · 2025-05-29 08:01:23 +00:00 · 2025-05-29 08:01:23 +00:00 · 6b6659e1e7
commit 6b6659e1e7
parent bdcd698edf 2ecac031ba
1 changed files with 3 additions and 0 deletions
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@ -1561,6 +1561,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
 		while (isc_buffer_remaininglength(&optbuf) >= 4) {
 			optcode = isc_buffer_getuint16(&optbuf);
 			optlen = isc_buffer_getuint16(&optbuf);
+
+			INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
+
 			/*
 			 * When returning BADVERSION, only process
 			 * DNS_OPT_NSID or DNS_OPT_COOKIE options.