mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Fix comparison between type uint16_t and wider type size_t in a loop

Browse Source 
Found by LGTM.com (see below for description), and while it should not
happen as EDNS OPT RDLEN is uint16_t, the fix is easy.  A little bit
of cleanup is included too.

> In a loop condition, comparison of a value of a narrow type with a value
> of a wide type may result in unexpected behavior if the wider value is
> sufficiently large (or small). This is because the narrower value may
> overflow. This can lead to an infinite loop.
This commit is contained in:
Ondřej Surý 2020-02-01 17:13:45 +01:00 committed by Mark Andrews
parent 9943c5dce5
commit a9bd6f6ea6
1 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/dns/resolver.c
View File

@ -7220,19 +7220,21 @@ log_nsid(isc_buffer_t *opt, size_t nsid_len, resquery_t *query,
{ {
static const char hex[17] = "0123456789abcdef"; static const char hex[17] = "0123456789abcdef";
char addrbuf[ISC_SOCKADDR_FORMATSIZE]; char addrbuf[ISC_SOCKADDR_FORMATSIZE];
uint16_t buflen, i; size_t buflen;
unsigned char *p, *nsid; unsigned char *p, *nsid;
unsigned char *buf = NULL, *pbuf = NULL; unsigned char *buf = NULL, *pbuf = NULL;
REQUIRE(nsid_len <= UINT16_MAX);
/* Allocate buffer for storing hex version of the NSID */ /* Allocate buffer for storing hex version of the NSID */
buflen = (uint16_t)nsid_len * 2 + 1; buflen = nsid_len * 2 + 1;
buf = isc_mem_get(mctx, buflen); buf = isc_mem_get(mctx, buflen);
pbuf = isc_mem_get(mctx, nsid_len + 1); pbuf = isc_mem_get(mctx, nsid_len + 1);
/* Convert to hex */ /* Convert to hex */
p = buf; p = buf;
nsid = isc_buffer_current(opt); nsid = isc_buffer_current(opt);
for (i = 0; i < nsid_len; i++) { for (size_t i = 0; i < nsid_len; i++) {
*p++ = hex[(nsid[i] >> 4) & 0xf]; *p++ = hex[(nsid[i] >> 4) & 0xf];
*p++ = hex[nsid[i] & 0xf]; *p++ = hex[nsid[i] & 0xf];
} }
@ -7240,11 +7242,8 @@ log_nsid(isc_buffer_t *opt, size_t nsid_len, resquery_t *query,
/* Make printable version */ /* Make printable version */
p = pbuf; p = pbuf;
for (i = 0; i < nsid_len; i++) { for (size_t i = 0; i < nsid_len; i++) {
if (isprint(nsid[i])) *p++ = isprint(nsid[i]) ? nsid[i] : '.';
*p++ = nsid[i];
else
*p++ = '.';
} }
*p = '\0'; *p = '\0';
@ -7254,9 +7253,7 @@ log_nsid(isc_buffer_t *opt, size_t nsid_len, resquery_t *query,
DNS_LOGMODULE_RESOLVER, level, DNS_LOGMODULE_RESOLVER, level,
"received NSID %s (\"%s\") from %s", buf, pbuf, addrbuf); "received NSID %s (\"%s\") from %s", buf, pbuf, addrbuf);
if (pbuf != NULL)
isc_mem_put(mctx, pbuf, nsid_len + 1); isc_mem_put(mctx, pbuf, nsid_len + 1);
if (buf != NULL)
isc_mem_put(mctx, buf, buflen); isc_mem_put(mctx, buf, buflen);
} }