Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: log_assert does nothing if UNBOUND_DEBUG is undefined #529

Merged
merged 1 commit into from
Aug 20, 2021

Conversation

Shchelk
Copy link
Contributor

@Shchelk Shchelk commented Aug 20, 2021

Found by static analyzer svace
Static analyzer message: Integer value 'len' obtained from untrusted source at tube.c:374 by passing as 2nd parameter to function 'read' at tube.c:340 without checking its higher bound is used as a loop bound at tube.c:374.

on-behalf-of: @ideco-team github@ideco.ru

Found by static analyzer svace
Static analyzer message: Integer value 'len' obtained from untrusted
source at tube.c:374 by passing as 2nd parameter to function 'read'
at tube.c:340 without checking its higher bound is used as a loop bound
at tube.c:374.


on-behalf-of: @ideco-team <github@ideco.ru>
@wcawijngaards wcawijngaards merged commit a4d1224 into NLnetLabs:master Aug 20, 2021
wcawijngaards added a commit that referenced this pull request Aug 20, 2021
- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
  undefined.
@wcawijngaards
Copy link
Member

Thank you for the patch! The code does not seem to be at risk, because the messages along this channel are from the internal parts of unbound, apart from bugs, bad lengths are not expected here. Nevertheless, it is good to fix to make sure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants