49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
From 0b6af23d619e6969c481f51f7360e5a7299be8f5 Mon Sep 17 00:00:00 2001
|
|
From: Mark Andrews <marka@isc.org>
|
|
Date: Mon, 28 Feb 2022 11:47:56 +1100
|
|
Subject: [PATCH] Grow the lex token buffer in one more place
|
|
|
|
when parsing key pairs, if the '=' character fell at max_token
|
|
a protective INSIST preventing buffer overrun could be triggered.
|
|
Attempt to grow the buffer immediately before the INSIST.
|
|
|
|
Also removed an unnecessary INSIST on the opening double quote
|
|
of key buffer pair.
|
|
|
|
(cherry picked from commit 4c356d277002d3e2f60fe43aaa85a4d524d933f8)
|
|
Conflict: NA
|
|
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/0b6af23d619e6969c481f51f7360e5a7299be8f5
|
|
---
|
|
lib/isc/lex.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
|
|
index 9546553800..aa9b549f79 100644
|
|
--- a/lib/isc/lex.c
|
|
+++ b/lib/isc/lex.c
|
|
@@ -670,6 +670,13 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
|
|
case lexstate_string:
|
|
if (!escaped && c == '=' &&
|
|
(options & ISC_LEXOPT_VPAIR) != 0) {
|
|
+ if (remaining == 0U) {
|
|
+ result = grow_data(lex, &remaining,
|
|
+ &curr, &prev);
|
|
+ if (result != ISC_R_SUCCESS) {
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
INSIST(remaining > 0U);
|
|
*curr++ = c;
|
|
*curr = '\0';
|
|
@@ -682,7 +689,6 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
|
|
if (state == lexstate_vpairstart) {
|
|
if (c == '"' &&
|
|
(options & ISC_LEXOPT_QVPAIR) != 0) {
|
|
- INSIST(remaining > 0U);
|
|
no_comments = true;
|
|
state = lexstate_qvpair;
|
|
break;
|
|
--
|
|
2.23.0
|
|
|