CID 316513: Insecure data handling (TAINTED_SCALAR)
*** CID 316513: Insecure data handling (TAINTED_SCALAR)
/lib/dns/master.c: 2618 in load_raw()
2612 * the target available region be the same if
2613 * decompression is disabled (see dctx above) and we
2614 * are not downcasing names (options == 0).
2615 */
2616 isc_buffer_init(&buf, isc_buffer_current(&target),
2617 (unsigned int)rdlen);
>>> CID 316513: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "target.active" to "dns_rdata_fromwire", which uses it as a loop boundary.
2618 result = dns_rdata_fromwire(
2619 &rdata[i], rdatalist.rdclass, rdatalist.type,
2620 &target, &dctx, 0, &buf);
2621 if (result != ISC_R_SUCCESS) {
2622 goto cleanup;
2623 }
