bind9

Files

Mark Andrews c40133d840 Silence Insecure data handling (TAINTED_SCALAR)

Coverity assumes that the memory holding any value read using byte
swapping is tainted.  As we store the NSEC3PARAM records in wire
form and iterations is byte swapped the memory holding the record
is marked as tainted.  nsec3->salt_length is marked as tainted
transitively. To remove the taint the value need to be range checked.
For a correctly formatted record region.length should match
nsec3->salt_length and provides a convenient value to check the field
against.

    *** CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    /lib/dns/rdata/generic/nsec3param_51.c: 241 in tostruct_nsec3param()
    235     	region.length = rdata->length;
    236     	nsec3param->hash = uint8_consume_fromregion(&region);
    237     	nsec3param->flags = uint8_consume_fromregion(&region);
    238     	nsec3param->iterations = uint16_consume_fromregion(&region);
    239
    240     	nsec3param->salt_length = uint8_consume_fromregion(&region);
    >>>     CID 316507:  Insecure data handling  (TAINTED_SCALAR)
    >>>     Passing tainted expression "nsec3param->salt_length" to "mem_maybedup", which uses it as an offset.
    241     	nsec3param->salt = mem_maybedup(mctx, region.base,
    242     					nsec3param->salt_length);
    243     	if (nsec3param->salt == NULL) {
    244     		return (ISC_R_NOMEMORY);
    245     	}
    246     	isc_region_consume(&region, nsec3param->salt_length);

2021-02-12 10:19:27 +11:00

bind9

Use -release instead of -version-info for internal library SONAMEs

2021-01-25 14:19:53 +01:00

dns

Silence Insecure data handling (TAINTED_SCALAR)

2021-02-12 10:19:27 +11:00

irs

Use -release instead of -version-info for internal library SONAMEs

2021-01-25 14:19:53 +01:00

isc

Unit-test fixes and manual page updates for DoH configuration