bind9/lib
Mark Andrews c40133d840 Silence Insecure data handling (TAINTED_SCALAR)
Coverity assumes that the memory holding any value read using byte
swapping is tainted.  As we store the NSEC3PARAM records in wire
form and iterations is byte swapped the memory holding the record
is marked as tainted.  nsec3->salt_length is marked as tainted
transitively. To remove the taint the value need to be range checked.
For a correctly formatted record region.length should match
nsec3->salt_length and provides a convenient value to check the field
against.

    *** CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    /lib/dns/rdata/generic/nsec3param_51.c: 241 in tostruct_nsec3param()
    235     	region.length = rdata->length;
    236     	nsec3param->hash = uint8_consume_fromregion(&region);
    237     	nsec3param->flags = uint8_consume_fromregion(&region);
    238     	nsec3param->iterations = uint16_consume_fromregion(&region);
    239
    240     	nsec3param->salt_length = uint8_consume_fromregion(&region);
    >>>     CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    >>>     Passing tainted expression "nsec3param->salt_length" to "mem_maybedup", which uses it as an offset.
    241     	nsec3param->salt = mem_maybedup(mctx, region.base,
    242     					nsec3param->salt_length);
    243     	if (nsec3param->salt == NULL) {
    244     		return (ISC_R_NOMEMORY);
    245     	}
    246     	isc_region_consume(&region, nsec3param->salt_length);
2021-02-12 10:19:27 +11:00
..
bind9 Use -release instead of -version-info for internal library SONAMEs 2021-01-25 14:19:53 +01:00
dns Silence Insecure data handling (TAINTED_SCALAR) 2021-02-12 10:19:27 +11:00
irs Use -release instead of -version-info for internal library SONAMEs 2021-01-25 14:19:53 +01:00
isc Unit-test fixes and manual page updates for DoH configuration 2021-02-03 12:06:17 +01:00
isccc Use -release instead of -version-info for internal library SONAMEs 2021-01-25 14:19:53 +01:00
isccfg tls and http configuration code was unnecessarily complex 2021-02-03 12:06:17 +01:00
ns Drop AddressSanitizer constraint from libns unit tests 2021-02-10 09:54:32 +00:00
samples Add libssl libraries to Windows build 2020-11-09 16:00:28 +01:00
win32/bindevt update all copyright headers to eliminate the typo 2020-09-14 16:20:40 -07:00
.gitignore Provide unit test driver 2020-05-21 12:13:01 +02:00
Makefile.am Complete rewrite the BIND 9 build system 2020-04-21 14:19:48 +02:00
unit-test-driver.sh.in Provide unit test driver 2020-05-21 12:13:01 +02:00