3861. [security] Missing isc_buffer_availablelength check results

in a REQUIRE assertion when printing out a packet. [RT #36078]
2014-05-25 12:39:03 +10:00
parent a750ea0e56
commit 5b75e2dfa7
2 changed files with 9 additions and 1 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+3861.	[security]	Missing isc_buffer_availablelength check results
+			in a REQUIRE assertion when printing out a packet.
+			[RT #36078]
+
 3860.	[bug]		ioctl(DP_POLL) array size needs to be determined
 			at run time as it is limited to {OPEN_MAX}.
 			[RT #35878]
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -3204,7 +3204,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 				dns_pseudosection_t section,
 				const dns_master_style_t *style,
 				dns_messagetextflag_t flags,
-				isc_buffer_t *target) {
+				isc_buffer_t *target)
+{
 	dns_rdataset_t *ps = NULL;
 	dns_name_t *name = NULL;
 	isc_result_t result;
@@ -3278,8 +3279,11 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 					sprintf(buf, "%02x ", optdata[i]);
 					ADD_STRING(target, buf);
 				}
+
 				for (i = 0; i < optlen; i++) {
 					ADD_STRING(target, " (");
+					if (!isc_buffer_availablelength(target))
+						return (ISC_R_NOSPACE);
 					if (isprint(optdata[i]))
 						isc_buffer_putmem(target,
 								  &optdata[i],