mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

[9.20] fix: nil: silence tainted scalar in client.c

Browse Source 
Coverity detected that 'optlen' was not being checked in 'process_opt'.  
This is actually already done when the OPT record was initially  
parsed.  Add an INSIST to silence Coverity as is done in message.c.

Closes #5330

Backport of MR !10500

Merge branch 'backport-5330-tainted-scalar-in-client-c-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10505
This commit is contained in:
Mark Andrews
2025-05-29 08:01:23 +00:00
parent bdcd698edf 2ecac031ba
commit 6b6659e1e7
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/ns/client.c
View File

@@ -1561,6 +1561,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
while (isc_buffer_remaininglength(&optbuf) >= 4) { while (isc_buffer_remaininglength(&optbuf) >= 4) {
optcode = isc_buffer_getuint16(&optbuf); optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf); optlen = isc_buffer_getuint16(&optbuf);
INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
/* /*
* When returning BADVERSION, only process * When returning BADVERSION, only process
* DNS_OPT_NSID or DNS_OPT_COOKIE options. * DNS_OPT_NSID or DNS_OPT_COOKIE options.