Silence untrusted loop bound on nsec3param.iterations (!5256) · Merge requests · ISC Open Source Projects / BIND

Mark Andrews requested to merge 2810-silence-untrusted-loop-bound-v9_16 into v9_16 Jul 12, 2021

630 1. tainted_argument: Calling function dns_rdata_tostruct taints argument nsec3param.iterations. [show details] 631 result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL); 2. Condition !!(result == 0), taking true branch. 3. Condition !!(result == 0), taking true branch. 632 RUNTIME_CHECK(result == ISC_R_SUCCESS); 633 634 dns_fixedname_init(&fixed);

        CID 281425 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
        4. tainted_data: Passing tainted expression nsec3param.iterations to dns_nsec3_hashname, which uses it as a loop boundary. [show details]
    Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
635        result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, vctx->origin,
636                                    vctx->origin, nsec3param.hash,
637                                    nsec3param.iterations, nsec3param.salt,
638                                    nsec3param.salt_length);

(cherry picked from commit c5e1c35e)

Closes #2810 (closed)

Silence untrusted loop bound on nsec3param.iterations

Merge request reports