RPZ: Don't diff keys out of bounds, found via Valgrind (#38559)

2015-02-16 12:09:30 +05:30
parent 8f0427f11b
commit e58eb371a0
2 changed files with 8 additions and 2 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+4062.	[bug]		Fix an out-of-bounds read in RPZ code. If the
+			read succeeded, it doesn't result in a bug
+			during operation. If the read failed, named
+			could segfault. [RT #38559]
+
 4061.	[bug]		Handle timeout in legacy system test. [RT #38573]

 4060.	[bug]		dns_rdata_freestruct could be called on a
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -866,13 +866,14 @@ diff_keys(const dns_rpz_cidr_key_t *key1, dns_rpz_prefix_t prefix1,
 	dns_rpz_prefix_t maxbit, bit;
 	int i;

+	bit = 0;
 	maxbit = ISC_MIN(prefix1, prefix2);

 	/*
 	 * find the first differing words
 	 */
-	for (i = 0, bit = 0;
-	     bit <= maxbit;
+	for (i = 0;
+	     bit < maxbit;
 	     i++, bit += DNS_RPZ_CIDR_WORD_BITS) {
 		delta = key1->w[i] ^ key2->w[i];
 		if (delta != 0) {