Integer Overflow in sldns_str2period function

[kobrineli]

I've got an input to reach unsigned integer overflow error in sldns/parseutil.c:272 in sldns_str2period function, that leads to incorrect conversation from string to uint32_t. Also, other arithmetic in this function can lead to unsigned integer overflow. I have not found any checks to prevent this error, is that alright?

Steps to reproduce the behavior:

1. Build docker container for unbound from https://github.com/ispras/oss-sydr-fuzz/tree/master/projects/unbound
2. Run docker container and execute /unbound_fuzzers/fuzz_3_fuzzer overflow_input.txt with this input:
   overflow_input.txt
3. You will see something like this:
   sldns/parseutil.c:272:7: runtime error: unsigned integer overflow: 440000633 * 10 cannot be represented in type 'unsigned int'

• Unbound version: 7749d98
• OS: ubuntu 20.04

[wcawijngaards]

What the function does today does not seem a problem, it parses and returns something like the lower 32bits of the end result. It does not check for the number itself, if that exceeds max 32bit value. That is a lack of error reporting.

[kobrineli]

Ok. I don't know all the details of code, won't this wraparound be critical for some time measurements and other results, is that okay that error might happen? By the way, sldns_str2period function was called sldns_str2wire_period_buf function.

[wcawijngaards]

The commit fixes it by returning an error when there is an integer overflow in the function. The parse can then stop and print an error, to the user.