44 lines
1.5 KiB
Diff
44 lines
1.5 KiB
Diff
|
From c284112becef6b6605ae4f18363afac3b0e173fd Mon Sep 17 00:00:00 2001
|
||
|
|
From: Mark Andrews <marka@isc.org>
|
||
|
|
Date: Fri, 4 Mar 2022 09:37:39 +1100
|
||
|
|
Subject: [PATCH] Prevent arithmetic overflow of 'i' in master.c:generate
|
||
|
|
|
||
|
|
the value of 'i' in generate could overflow when adding 'step' to
|
||
|
|
it in the 'for' loop. Use an unsigned int for 'i' which will give
|
||
|
|
an additional bit and prevent the overflow. The inputs are both
|
||
|
|
less than 2^31 and and the result will be less than 2^32-1.
|
||
|
|
|
||
|
|
(cherry picked from commit 5abdee9004f118b2c1301229418f93de7626e66f)
|
||
|
|
Conflict: NA
|
||
|
|
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/c284112becef6b6605ae4f18363afac3b0e173fd
|
||
|
|
---
|
||
|
|
lib/dns/master.c | 5 +++--
|
||
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/lib/dns/master.c b/lib/dns/master.c
|
||
|
|
index 75f59396a7..e1ba723104 100644
|
||
|
|
--- a/lib/dns/master.c
|
||
|
|
+++ b/lib/dns/master.c
|
||
|
|
@@ -800,7 +800,8 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
|
||
|
|
isc_buffer_t target;
|
||
|
|
isc_result_t result;
|
||
|
|
isc_textregion_t r;
|
||
|
|
- int i, n, start, stop, step = 0;
|
||
|
|
+ int n, start, stop, step = 0;
|
||
|
|
+ unsigned int i;
|
||
|
|
dns_incctx_t *ictx;
|
||
|
|
char dummy[2];
|
||
|
|
|
||
|
|
@@ -855,7 +856,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
|
||
|
|
goto insist_cleanup;
|
||
|
|
}
|
||
|
|
|
||
|
|
- for (i = start; i <= stop; i += step) {
|
||
|
|
+ for (i = start; i <= (unsigned int)stop; i += step) {
|
||
|
|
result = genname(lhs, i, lhsbuf, DNS_MASTER_LHS);
|
||
|
|
if (result != ISC_R_SUCCESS) {
|
||
|
|
goto error_cleanup;
|
||
|
|
--
|
||
|
|
2.23.0
|
||
|
|
|