From 76e6cf505ea82d265402df2b4d19ec0d49301ec8 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 10 Aug 2010 08:43:40 +0000
Subject: [PATCH] 2933. [bug] 'dig +nsid' used stack memory after it went out of scope. This could potentially result in a unknown, potentially malformed, EDNS option being sent instead of the desired NSID option. [RT #21781]
---
 CHANGES | 5 +++++
 bin/dig/dighost.c | 17 +++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index 8ee4e68ac8..c0603c8098 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+2933. [bug] 'dig +nsid' used stack memory after it went out of
+ scope. This could potentially result in a unknown,
+ potentially malformed, EDNS option being sent instead
+ of the desired NSID option. [RT #21781]
+
 2932. [cleanup] Corrected a numbering error in the "dnssec" test.
 [RT #21597]
 
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 3755aac629..a8f27da3d5 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
 
-/* $Id: dighost.c,v 1.328.22.3 2010/06/24 07:29:07 marka Exp $ */
+/* $Id: dighost.c,v 1.328.22.4 2010/08/10 08:43:40 marka Exp $ */
 
 /*! \file
 * \note
@@ -1386,14 +1386,15 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
 if (dnssec)
 rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
 if (nsid) {
- unsigned char data[4];
- isc_buffer_t buf;
+ isc_buffer_t *b = NULL;
 
- isc_buffer_init(&buf, data, sizeof(data));
- isc_buffer_putuint16(&buf, DNS_OPT_NSID);
- isc_buffer_putuint16(&buf, 0);
- rdata->data = data;
- rdata->length = sizeof(data);
+ result = isc_buffer_allocate(mctx, &b, 4);
+ check_result(result, "isc_buffer_allocate");
+ isc_buffer_putuint16(b, DNS_OPT_NSID);
+ isc_buffer_putuint16(b, 0);
+ rdata->data = isc_buffer_base(b);
+ rdata->length = isc_buffer_usedlength(b);
+ dns_message_takebuffer(msg, &b);
 } else {
 rdata->data = NULL;
 rdata->length = 0;
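Review bot: The new `if (nsid)` branch in add_opt fixes a lifetime bug but leaves the new lifetime rule unwritten, so the next edit could reintroduce the same use-after-scope. Next to `dns_message_takebuffer(msg, &b);` I would add a comment such as `/* msg now owns b; rdata->data points into it and must not outlive msg */`. That is presumably what takebuffer guarantees, so it is worth confirming against its documentation. The bare `4` passed to `isc_buffer_allocate` is also unexplained; it matches the two `isc_buffer_putuint16` calls that follow, so a short comment like `/* 2-byte option code + 2-byte option length, no option data */` would tie the size to the wire format. add_opt begins before and continues after this hunk, so how `rdata` is consumed later is not visible here.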