Commit 81e5de17 authored by Mark Andrews's avatar Mark Andrews
Browse files

2496. [bug] Add sanity length checks to NSID option. [RT #18813]

parent 49960a74
2496. [bug] Add sanity length checks to NSID option. [RT #18813]
2495. [bug] Tighten RRSIG checks. [RT #18795]
2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.258 2008/06/23 19:41:18 jinmei Exp $ */
/* $Id: client.c,v 1.259 2008/11/16 20:57:54 marka Exp $ */
#include <config.h>
......@@ -1222,7 +1222,7 @@ client_addopt(ns_client_t *client) {
* + 2 bytes for NSID length
* + NSID itself
*/
char nsid[BUFSIZ];
char nsid[BUFSIZ], *nsidp;
isc_buffer_t *buffer = NULL;
if (ns_g_server->server_usehostname) {
......@@ -1231,19 +1231,19 @@ client_addopt(ns_client_t *client) {
if (result != ISC_R_SUCCESS) {
goto no_nsid;
}
} else {
strncpy(nsid, ns_g_server->server_id, sizeof(nsid));
}
nsidp = nsid;
} else
nsidp = ns_g_server->server_id;
rdata->length = strlen(nsid) + 4;
rdata->length = strlen(nsidp) + 4;
result = isc_buffer_allocate(client->mctx, &buffer,
rdata->length);
if (result != ISC_R_SUCCESS)
goto no_nsid;
isc_buffer_putuint16(buffer, DNS_OPT_NSID);
isc_buffer_putuint16(buffer, strlen(nsid));
isc_buffer_putstr(buffer, nsid);
isc_buffer_putuint16(buffer, strlen(nsidp));
isc_buffer_putstr(buffer, nsidp);
rdata->data = buffer->base;
dns_message_takebuffer(client->message, &buffer);
} else {
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.93 2008/09/12 06:02:31 each Exp $ */
/* $Id: check.c,v 1.94 2008/11/16 20:57:55 marka Exp $ */
/*! \file */
......@@ -792,6 +792,19 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) {
}
}
/*
* Check that server-id is not too long.
* 1024 bytes should be big enough.
*/
obj = NULL;
(void)cfg_map_get(options, "server-id", &obj);
if (obj != NULL && cfg_obj_isstring(obj) &&
strlen(cfg_obj_asstring(obj)) > 1024) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'server-id' too big (>1024 bytes)");
result = ISC_R_FAILURE;
}
return (result);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment