Fix potential overflow bug while parsing port in function cfg_mark_ports #1062
Merged
wcawijngaards merged 1 commit into NLnetLabs:master from May 7, 2024
wcawijngaards (Member) approved these changes on May 7, 2024 and left a comment:
Nice to check for more error conditions. I cannot spot where it would have had negative numbers from the string.
wcawijngaards added a commit that referenced this pull request on May 7, 2024:
and redundant check for array size. And changelog note for merge of #1062.
Member
Thank you for the contribution! The fixup commit moves a declaration before statements to avoid a warning, then avoids printing a null value on error, just in case, and adds a redundant check on array size, also just for extra certainty. The pull request should catch unknown characters in that string and also range errors and that is nice to have.
jedisct1 added a commit to jedisct1/unbound that referenced this pull request on May 7, 2024:
* nlnet/master: (45 commits)
- Fix for NLnetLabs#1062: declaration before statement, avoid print of null, and redundant check for array size. And changelog note for merge of NLnetLabs#1062. Fix potential overflow bug while parsing port in function cfg_mark_ports
- Set version number to 1.20.0 for release.
- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li from the Network and Information Security Lab of Tsinghua University for reporting it.
- Fix doxygen comment for errinf_to_str_bogus.
- Cleanup unnecessary strdup calls for EDE strings.
- Man page entry for unbound-checkconf -q.
- Fix NLnetLabs#876: [FR] can unbound-checkconf be silenced when configuration is valid?
- Add unit tests for cachedb and subnet cache expired data.
- Fix cachedb with serve-expired-client-timeout disabled. The edns subnet module deletes global cache and cachedb cache when it stores a result, and serve-expired is enabled, so that the global reply, that is older than the ecs reply, does not return after the ecs reply expires.
- Fix doc unit test for out of directory build.
- Fix to disable fragmentation on systems with IP_DONTFRAG, with a nonzero value for the socket option argument. Changelog note for NLnetLabs#1041 and NLnetLabs#1038.
- Merge NLnetLabs#1041: Stub and Forward unshare. This has one structure for them and fixes NLnetLabs#1038: fatal error: Could not initialize thread / error: reading root hints. Update locking management for iter_fwd and iter_hints methods. (NLnetLabs#1054)
- Fix configure flto check error, by finding grep for it.
- Fix ci workflow for macos for moved install locations.
- Merge NLnetLabs#1053: Remove child delegations from cache when grandchild delegations are returned from parent.
- When a grandchild delegation is returned, remove any cached child delegations up to parent to not cause delegation invalidation because of an expired child delegation that would never be updated. Most likely to happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
- Fix edns subnet to sort rrset references when storing messages in the cache. This fixes a race condition in the rrset locks.
- Add checklock feature verbose_locking to trace locks and unlocks.
...
Fix potential overflow bugs caused by the following situations: use strtol function instead of atoi function
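
The kind of parsing this pull request discusses (strtol instead of atoi, rejecting unknown characters and range errors, and checking the value against the array size before writing), as an added example that is not the Unbound code from this pull request. `parse_port` and `mark_ports` are hypothetical names, and the "N" or "LOW-HIGH" input format and the rejection of reversed ranges are assumptions.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse the decimal port in s[0..len) into *port.
 * Returns 1 on success, 0 on empty input, unknown characters, or a
 * value outside 0..num-1 (num is the size of the port table). */
static int parse_port(const char* s, size_t len, int num, int* port)
{
	char buf[16];
	char* end = NULL;
	long v;
	if(len == 0 || len >= sizeof(buf))
		return 0; /* empty, or far too long to be a port number */
	memcpy(buf, s, len);
	buf[len] = 0;
	errno = 0;
	v = strtol(buf, &end, 10);
	if(errno == ERANGE || end == buf || *end != 0)
		return 0; /* overflow of long, no digits, or trailing junk */
	if(v < 0 || v >= (long)num)
		return 0; /* would index outside the table */
	*port = (int)v;
	return 1;
}

/* Hypothetical: set avail[] for "N" or "LOW-HIGH". Returns 1 if ok. */
int mark_ports(const char* str, int allow, int* avail, int num)
{
	const char* mid = strchr(str, '-');
	int low, high, i;
	if(!mid) {
		if(!parse_port(str, strlen(str), num, &low))
			return 0;
		high = low;
	} else {
		if(!parse_port(str, (size_t)(mid - str), num, &low) ||
		   !parse_port(mid+1, strlen(mid+1), num, &high))
			return 0;
		if(low > high)
			return 0; /* assumption: reversed ranges are an error */
	}
	for(i = low; i <= high; i++)
		avail[i] = allow; /* both bounds were checked against num */
	return 1;
}
```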