RPZ: Don't diff keys out of bounds, found via Valgrind (#38559)

(cherry picked from commit 73639a33fa) Conflicts: CHANGES lib/dns/rpz.c
2026-04-29 18:09:11 -04:00 · 2015-02-16 12:09:30 +05:30 · 2015-02-16 12:09:30 +05:30 · 76a3ca378c
commit 76a3ca378c
parent e87fa9ae0f
2 changed files with 8 additions and 2 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+4062.	[bug]		Fix an out-of-bounds read in RPZ code. If the
+			read succeeded, it doesn't result in a bug
+			during operation. If the read failed, named
+			could segfault. [RT #38559]
+
 	--- 9.9.7 released ---

 	--- 9.9.7rc2 released ---
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@ -741,13 +741,14 @@ diff_keys(const dns_rpz_cidr_key_t *key1, dns_rpz_cidr_bits_t bits1,
 	dns_rpz_cidr_bits_t maxbit, bit;
 	int i;

+	bit = 0;
 	maxbit = ISC_MIN(bits1, bits2);

 	/*
 	 * find the first differing words
 	 */
-	for (i = 0, bit = 0;
-	     bit <= maxbit;
+	for (i = 0;
+	     bit < maxbit;
 	     i++, bit += DNS_RPZ_CIDR_WORD_BITS) {
 		delta = key1->w[i] ^ key2->w[i];
 		if (delta != 0) {