Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 532
    • Issues 532
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 101
    • Merge requests 101
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #2425

Closed
Open
Created Jan 25, 2021 by Michal Nowak@mnowakOwner

CID 316505: Insecure data handling (TAINTED_SCALAR)

*** CID 316505:  Insecure data handling  (TAINTED_SCALAR)
/lib/dns/journal.c: 972 in journal_find()
966     		return (ISC_R_SUCCESS);
967     	}
968     
969     	current_pos = j->header.begin;
970     	index_find(j, serial, &current_pos);
971     
>>>     CID 316505:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "current_pos.serial" as a loop boundary.
972     	while (current_pos.serial != serial) {
973     		if (DNS_SERIAL_GT(current_pos.serial, serial)) {
974     			return (ISC_R_NOTFOUND);
975     		}
976     		result = journal_next(j, &current_pos);
977     		if (result != ISC_R_SUCCESS) {
Assignee
Assign to
Time tracking