From e117244850527e51c6ea06167deb76222ef59e8b Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Fri, 13 May 2022 19:59:58 -0700
Subject: [PATCH] prevent a possible buffer overflow in configuration check

corrected code that could have allowed a buffer overfow while
parsing named.conf.

(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)
---
 lib/bind9/check.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 1017468d42..9c98c528d9 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -3011,8 +3011,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		} else if (dns_name_isula(zname)) {
 			ula = true;
 		}
-		tmp += strlen(tmp);
 		len -= strlen(tmp);
+		tmp += strlen(tmp);
 		(void)snprintf(tmp, len, "%u/%s", zclass,
 			       (ztype == CFG_ZONE_INVIEW) ? target
 			       : (viewname != NULL)	  ? viewname
@@ -3721,8 +3721,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		char *tmp = keydirbuf;
 		size_t len = sizeof(keydirbuf);
 		dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
-		tmp += strlen(tmp);
 		len -= strlen(tmp);
+		tmp += strlen(tmp);
 		(void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
 		tresult = keydirexist(zconfig, (const char *)keydirbuf,
 				      kaspname, keydirs, logctx, mctx);