packages/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
unbound/backport-004-CVE-2024-43168.patch
eaglegai e64e783ea6 fix CVE-2024-43168 better 
(cherry picked from commit 87321278ef201e74dbab50fea5aedaa085213344)
2024-08-26 19:17:03 +08:00

45 lines
1.3 KiB
Diff
Raw Permalink Blame History

From c085a53268940dfbb907cbaa7a690740b6c8210c Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Tue, 7 May 2024 14:05:21 +0200
Subject: [PATCH] - Fix for #1062: declaration before statement, avoid print of
null, and redundant check for array size. And changelog note for merge of
#1062.
---
util/config_file.c | 8 +++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/util/config_file.c b/util/config_file.c
index 4a3b7d77..2ac6c468 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1776,12 +1776,13 @@ init_outgoing_availports(int* a, int num)
static int
extract_port_from_str(const char* str, int max_port) {
char* endptr;
+ long int value;
if (str == NULL || *str == '\0') {
- log_err("str: '%s' is invalid", str);
+ log_err("str: '%s' is invalid", (str?str:"NULL"));
return -1;
}
- long int value = strtol(str, &endptr, 10);
+ value = strtol(str, &endptr, 10);
if ((endptr == str) || (*endptr != '\0')) {
log_err("cannot parse port number '%s'", str);
return -1;
@@ -1820,7 +1821,8 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
log_err("Failed to parse the port number");
return 0;
}
- avail[port] = (allow?port:0);
+ if(port < num)
+ avail[port] = (allow?port:0);
} else {
char buf[16];
int i, low;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink