From e7ef0a60ab4ffedf5a8defe86a02452b0ee124ab Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 9 Jul 2024 11:59:39 +1000
Subject: [PATCH] Prevent overflow of size

If size overflows we will have an infinite loop. In practice this will not happen unless we have made a coding error. Add an INSIST to detect this condition.
181 while (!done) {
182 isc_buffer_allocate(mctx, &b, size);
183 result = dns_rdata_totext(rdata, NULL, b);
184 if (result == ISC_R_SUCCESS) {
185 printf("%.*s\n", (int)isc_buffer_usedlength(b),
186 (char *)isc_buffer_base(b));
187 done = true;
188 } else if (result != ISC_R_NOSPACE) {
189 check_result(result, "dns_rdata_totext");
190 }
191 isc_buffer_free(&b);
CID 498025: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW) overflow_const: Expression size, which is equal to 0, overflows the type that receives it, an unsigned integer 32 bits wide.
192 size *= 2;
193 }
---
 bin/dig/nslookup.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 12ba49d311..4b813511b7 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -189,6 +189,7 @@ printrdata(dns_rdata_t *rdata) {
 check_result(result, "dns_rdata_totext");
 }
 isc_buffer_free(&b);
+ INSIST(size <= (UINT_MAX / 2));
 size *= 2;
 }
 }
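Review bot: The added `INSIST(size <= (UINT_MAX / 2));` runs on every pass of the loop, including the one where `dns_rdata_totext` already succeeded and `done` is true, so the check and the `size *= 2;` would read more clearly if they sat only on the `ISC_R_NOSPACE` path. The bound is also the limit of the type rather than of the data: assuming `size` starts small and only doubles, the loop would attempt a buffer of roughly 2 GiB before the assertion fires, so a much smaller cap tied to the largest plausible rdata text would surface the coding error sooner. `UINT_MAX` comes from `<limits.h>` and this one-line commit adds no include, so it presumably arrives indirectly; worth confirming. A short comment above the assertion, e.g. `/* size only doubles; a wrap to 0 would make this loop spin forever */`, would record why it is there. The body of `printrdata` begins outside the hunk.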