upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Mark Andrews c2a5b88275 Attempt to silence untrusted loop bound 
Assign hit_len + key_len to len and test the result
rather than recomputing and letting the compiler simplify.

    213        isc_region_consume(&region, 2); /* hit length + algorithm */
        9. tainted_return_value: Function uint16_fromregion returns tainted data. [show details]
        10. tainted_data_transitive: Call to function uint16_fromregion with tainted argument *region.base returns tainted data.
        11. tainted_return_value: Function uint16_fromregion returns tainted data.
        12. tainted_data_transitive: Call to function uint16_fromregion with tainted argument *region.base returns tainted data.
        13. var_assign: Assigning: key_len = uint16_fromregion(&region), which taints key_len.
    214        key_len = uint16_fromregion(&region);
        14. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        15. Condition key_len == 0, taking false branch.
    215        if (key_len == 0) {
    216                RETERR(DNS_R_FORMERR);
    217        }
        16. Condition !!(_r->length >= _l), taking true branch.
        17. Condition !!(_r->length >= _l), taking true branch.
    218        isc_region_consume(&region, 2);
        18. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        19. Condition region.length < (unsigned int)(hit_len + key_len), taking false branch.
    219        if (region.length < (unsigned)(hit_len + key_len)) {
    220                RETERR(DNS_R_FORMERR);
    221        }
    222
        20. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        21. Condition _r != 0, taking false branch.
    223        RETERR(mem_tobuffer(target, rr.base, 4 + hit_len + key_len));
        22. lower_bounds: Casting narrower unsigned key_len to wider signed type int effectively tests its lower bound.
        23. var_assign_var: Compound assignment involving tainted variable 4 + hit_len + key_len to variable source->current taints source->current.
    224        isc_buffer_forward(source, 4 + hit_len + key_len);
    225
    226        dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);

    CID 281461 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
        24. tainted_data: Using tainted variable source->active - source->current as a loop boundary.
    Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
    227        while (isc_buffer_activelength(source) > 0) {
    228                dns_name_init(&name, NULL);
    229                RETERR(dns_name_fromwire(&name, source, dctx, options, target));
    230        }

(cherry picked from commit 2f946c831a)
2021-02-08 14:05:11 +11:00
..
bind9 add syntax and setter/getter functions to configure max-ixfr-ratio 2021-01-26 12:38:32 +01:00
dns Attempt to silence untrusted loop bound 2021-02-08 14:05:11 +11:00
irs Use -release instead of -version-info for internal library SONAMEs 2021-01-25 15:28:09 +01:00
isc Use -release instead of -version-info for internal library SONAMEs 2021-01-25 15:28:09 +01:00
isccc Use -release instead of -version-info for internal library SONAMEs 2021-01-25 15:28:09 +01:00
isccfg Added option for disabling stale-answer-client-timeout 2021-01-29 10:38:58 +01:00
ns Update code flow in query.c wrt stale data 2021-01-29 10:43:41 +01:00
samples Add libssl libraries to Windows build 2020-12-09 10:46:16 +01:00
win32/bindevt update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
.gitignore added gitignore, removed cvsignore 2012-03-03 23:10:05 -08:00
Kyuafile link in lib/isccc/tests/Kyuafile 2018-11-13 07:23:36 +11:00
Makefile.in remove lib/tests as nothing uses it anymore 2018-03-09 14:12:50 -08:00