bind/backport-0020-Grow-the-lex-token-buffer-in-one-more-place.patch

From 0b6af23d619e6969c481f51f7360e5a7299be8f5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 28 Feb 2022 11:47:56 +1100
Subject: [PATCH] Grow the lex token buffer in one more place

when parsing key pairs, if the '=' character fell at max_token
a protective INSIST preventing buffer overrun could be triggered.
Attempt to grow the buffer immediately before the INSIST.

Also removed an unnecessary INSIST on the opening double quote
of key buffer pair.

(cherry picked from commit 4c356d277002d3e2f60fe43aaa85a4d524d933f8)
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/0b6af23d619e6969c481f51f7360e5a7299be8f5
---
 lib/isc/lex.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/isc/lex.c b/lib/isc/lex.c
index 9546553800..aa9b549f79 100644
--- a/lib/isc/lex.c
+++ b/lib/isc/lex.c
@@ -670,6 +670,13 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 		case lexstate_string:
 			if (!escaped && c == '=' &&
 			    (options & ISC_LEXOPT_VPAIR) != 0) {
+				if (remaining == 0U) {
+					result = grow_data(lex, &remaining,
+							   &curr, &prev);
+					if (result != ISC_R_SUCCESS) {
+						goto done;
+					}
+				}
 				INSIST(remaining > 0U);
 				*curr++ = c;
 				*curr = '\0';
@@ -682,7 +689,6 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
 			if (state == lexstate_vpairstart) {
 				if (c == '"' &&
 				    (options & ISC_LEXOPT_QVPAIR) != 0) {
-					INSIST(remaining > 0U);
 					no_comments = true;
 					state = lexstate_qvpair;
 					break;
-- 
2.23.0
backport bugfix patches 2022-12-26 15:55:21 +08:00			`From 0b6af23d619e6969c481f51f7360e5a7299be8f5 Mon Sep 17 00:00:00 2001`
			`From: Mark Andrews <marka@isc.org>`
			`Date: Mon, 28 Feb 2022 11:47:56 +1100`
			`Subject: [PATCH] Grow the lex token buffer in one more place`

			`when parsing key pairs, if the '=' character fell at max_token`
			`a protective INSIST preventing buffer overrun could be triggered.`
			`Attempt to grow the buffer immediately before the INSIST.`

			`Also removed an unnecessary INSIST on the opening double quote`
			`of key buffer pair.`

			`(cherry picked from commit 4c356d277002d3e2f60fe43aaa85a4d524d933f8)`
			`Conflict: NA`
			`Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/0b6af23d619e6969c481f51f7360e5a7299be8f5`
			`---`
			`lib/isc/lex.c \| 8 +++++++-`
			`1 file changed, 7 insertions(+), 1 deletion(-)`

			`diff --git a/lib/isc/lex.c b/lib/isc/lex.c`
			`index 9546553800..aa9b549f79 100644`
			`--- a/lib/isc/lex.c`
			`+++ b/lib/isc/lex.c`
			`@@ -670,6 +670,13 @@ isc_lex_gettoken(isc_lex_t lex, unsigned int options, isc_token_t tokenp) {`
			`case lexstate_string:`
			`if (!escaped && c == '=' &&`
			`(options & ISC_LEXOPT_VPAIR) != 0) {`
			`+ if (remaining == 0U) {`
			`+ result = grow_data(lex, &remaining,`
			`+ &curr, &prev);`
			`+ if (result != ISC_R_SUCCESS) {`
			`+ goto done;`
			`+ }`
			`+ }`
			`INSIST(remaining > 0U);`
			`*curr++ = c;`
			`*curr = '\0';`
			`@@ -682,7 +689,6 @@ isc_lex_gettoken(isc_lex_t lex, unsigned int options, isc_token_t tokenp) {`
			`if (state == lexstate_vpairstart) {`
			`if (c == '"' &&`
			`(options & ISC_LEXOPT_QVPAIR) != 0) {`
			`- INSIST(remaining > 0U);`
			`no_comments = true;`
			`state = lexstate_qvpair;`
			`break;`
			`--`
			`2.23.0`