Rpz #73
bring fork up-to-date with upstream
- Fixes for compiler warnings
bring fork up to date
…ature/rpz
- Added RPZ policy apply logging
- Fix memory leak - IANA ports update - merge littlehash ASAN changes
triggers.
- Fix potential memory leak
- Fix rpz memory leak
- Fix memory leak
- use localzone's memory layout when removing rr from rrset
spirillen
commented
Jan 16, 2020
What a shame
| if((enum rpz_action)s->svr.rpz_action[i] == RPZ_NO_OVERRIDE_ACTION) | ||
| continue; |
wcawijngaards
Jan 28, 2020
Member
This must be wrong, the value is a statistics counter, it is never assigned to this variable and the enum is a valid value for the statistics counter.
| if(*dname == 0) | ||
| return NULL; | ||
|
|
||
| while(*dname) { | ||
| dname = dname+*dname+1; | ||
| dnamelen += ((size_t)*dname)+1; |
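Review bot: in the `while(*dname)` loop, `dname = dname+*dname+1;` is shown ahead of `dnamelen += ((size_t)*dname)+1;`. If both lines remain in that order, `dnamelen` is incremented from the length byte of the following label rather than the one just skipped, and that byte is read before any bound is tested. Suggest adding the current label's length to `dnamelen` and comparing it with the limit first, then advancing `dname`. The `if(*dname == 0)` test at the top also reads a byte with no length check in the lines shown.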
wcawijngaards
Jan 28, 2020
Member
The if(dnamelen > maxdnamelen) check needs to be before the *dname parts above, in the if(..==0) and while() and in the dnamelen+= statements, you first need to check that the label length byte fits in the maxdnamelen. With an added statement like if(dnamelen+1 > maxdnamelen) return NULL; at the start of the routine. I don't think it is needed at the end of the while loop.
wcawijngaards
Jan 28, 2020
Member
Actually I think it is also needed before the *dname in the != 0 comparison below, an if statement to check if dnamelen+1 > maxdnamelen.
ralphdolmans
Jan 29, 2020
Author
Member
Ack on the check at the start of the routine, in case of a maxdnamelen of 0.
For the second check (in the while) I don't think a new if is needed, changing the existing one from if(dnamelen > maxdnamelen) to if(dnamelen+1 > maxdnamelen) should do the trick.
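The checks discussed in the comments above (test that the label length byte fits before reading it, including when the limit is 0), as an added example that is not code from this pull request or from Unbound. The helper name `bounded_dname_len`, its return convention and the sample names are assumptions made for illustration; it goes slightly beyond the thread by also rejecting label lengths above 63.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not Unbound code: wire length of the uncompressed
 * name at dname including the root label, or 0 if the name is malformed
 * or does not end within maxlen bytes. */
size_t
bounded_dname_len(const uint8_t* dname, size_t maxlen)
{
	size_t len = 0;
	for(;;) {
		size_t lablen;
		/* the length byte itself must fit before it is read;
		 * this also covers maxlen == 0 */
		if(len + 1 > maxlen)
			return 0;
		lablen = dname[len];
		if(lablen == 0)
			return len + 1; /* root label ends the name */
		/* labels are at most 63 bytes; higher values are
		 * compression pointers or reserved label types */
		if(lablen > 63)
			return 0;
		/* the label data must fit as well (no underflow:
		 * len + 1 <= maxlen was checked above) */
		if(lablen > maxlen - len - 1)
			return 0;
		len += lablen + 1;
	}
}

/* constructed sample names */
static const uint8_t sample_ok[] =
	{ 3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0 };
static const uint8_t sample_trunc[] =
	{ 3,'w','w','w', 7,'e','x' }; /* label claims 7 bytes, 2 present */

int
main(void)
{
	printf("ok: %zu\n", bounded_dname_len(sample_ok, sizeof(sample_ok)));
	printf("short buffer: %zu\n", bounded_dname_len(sample_ok, 16));
	printf("truncated: %zu\n",
		bounded_dname_len(sample_trunc, sizeof(sample_trunc)));
	printf("empty: %zu\n", bounded_dname_len(sample_ok, 0));
	return 0;
}
```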
| if(dname_is_wild(ctarget)) { | ||
| /* synthesize cname target */ | ||
| struct packed_rrset_data* d; | ||
| uint8_t newtarget[LDNS_MAX_DOMAINLEN]; |
wcawijngaards
Jan 28, 2020
Member
Other buffers are LDNS_MAX_DOMAINLEN+1. Also for rpz.c:646 wc[LDNS_MAX_DOMAINLEN], the +1 is elsewhere but not here.
ralphdolmans
Jan 28, 2020
Author
Member
The newtarget[] is actually not used at all and removed in a later commit (344f12d)
| len = *dname; | ||
| lablen = *dname++; |
wcawijngaards
Jan 29, 2020
Member
ipdnametoaddr and netblockdnametoaddr also have dnamelen == 0 check needed. And perhaps also check if labellengthbyte fits in dnamelen, and if the label length fits in dnamelen.
ralphdolmans
Jan 29, 2020
Author
Member
Added in 88a706a
Also subtracting the netblock label (incl. length byte) from length passed to ipdnametoaddr.
Reviewed (change commits since previous), and it looks good! (I think this comment allows later github diffs to be made as well, hence).
spirillen
commented
Jan 30, 2020
Is there a release date for this? Like 1.9.7?
This will be part of the upcoming Unbound 1.10 release, which is scheduled to happen in February.
ralphdolmans commented Sep 9, 2019
No description provided.