summaryrefslogtreecommitdiff
path: root/main/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch
blob: 7f9d5d36acc25cb04ddec82b5f625a3ff1109134 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0015-Fix-coverity-issues-in-dnssec.c.patch (backport from upstream)
--
From 82c23fb1f0d9e46c6ce4bc4a57f0d377cc6089b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 3 Sep 2021 22:51:36 +0200
Subject: [PATCH 15/15] Fix coverity issues in dnssec.c

diff --git a/src/dnssec.c b/src/dnssec.c
index 94ebb6f..8800a5b 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -724,7 +724,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
       
       /* namebuff used for workspace above, restore to leave unchanged on exit */
       p = (unsigned char*)(rrset[0]);
-      extract_name(header, plen, &p, name, 1, 0);
+      if (!extract_name(header, plen, &p, name, 1, 0))
+	return STAT_BOGUS;
 
       if (key)
 	{
@@ -1017,7 +1018,9 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
     }
   
   p = (unsigned char *)(header+1);
-  extract_name(header, plen, &p, name, 1, 4);
+  if (!extract_name(header, plen, &p, name, 1, 4))
+      return STAT_BOGUS;
+
   p += 4; /* qtype, qclass */
   
   /* If the key needed to validate the DS is on the same domain as the DS, we'll
-- 
2.31.1