Report information

The Basics
Id: 35758
Status: resolved
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: BIND Server
Area: bug

Dates
Created: Sun, 13 Apr 2014 20:40:05 -0400
Updated: Wed, 02 Aug 2017 20:52:14 -0400
Closed: Tue, 01 Jul 2014 19:09:35 -0400




Subject: sign extension bug in isc_regex_validate
Date: Sun, 13 Apr 2014 17:39:46 -0700
To: bind9-bugs@isc.org
From: David Ramos <daramos@stanford.edu>

Hello,

Our UC-KLEE tool found a char-sign-extension bug in isc_regex_validate(), which may cause it to improperly accept or reject a regular expression depending on whether the compiler treated chars as signed or unsigned (either is allowed under the C specification).

The offending code is in isc_regex_validate (lib/isc/regex.c) on line 258 in the latest git v9_9 HEAD:

    if (range == 2 && *c < range_start)

Some example inputs where the above condition may evaluate to true or false depending on the compiler are:

    \x5c-\x80
    \x83-\x02

The simplest fix is probably to change 'c' to an unsigned char, and possibly range_start to an unsigned int.

Thanks,
-David

Thanks for the report
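
The signedness dependence described in the report, as an added example that is not part of the original ticket or of BIND's code: the two functions model the reported comparison under a signed-char and an unsigned-char build, and the loop goes beyond the two quoted inputs to count every start/end byte pair whose verdict flips. The function names, the three-byte "start-end" layout and the int type of range_start in the signed model are assumptions.

```c
#include <stdio.h>

/* Constructed sample inputs: the two byte sequences quoted in the report. */
static const unsigned char SAMPLE_A[] = { 0x5c, '-', 0x80 };
static const unsigned char SAMPLE_B[] = { 0x83, '-', 0x02 };

/* Models a build where plain char is signed: bytes >= 0x80 read as negative
 * and are sign-extended when stored in the int range_start (assumed type). */
static int out_of_order_signed(const unsigned char *buf) {
    const signed char *c = (const signed char *)buf;
    int range_start = c[0];
    return c[2] < range_start;
}

/* Models a build where plain char is unsigned, which is also the behaviour
 * of the fix suggested in the report (unsigned char / unsigned int). */
static int out_of_order_unsigned(const unsigned char *buf) {
    unsigned int range_start = buf[0];
    return (unsigned int)buf[2] < range_start;
}

/* Counts every start/end byte pair whose verdict depends on char signedness. */
static int count_sign_dependent_pairs(void) {
    int n = 0;
    for (int s = 0; s < 256; s++) {
        for (int e = 0; e < 256; e++) {
            unsigned char buf[3] = { (unsigned char)s, '-', (unsigned char)e };
            if (out_of_order_signed(buf) != out_of_order_unsigned(buf))
                n++;
        }
    }
    return n;
}

int main(void) {
    printf("5c-80: signed=%d unsigned=%d\n",
           out_of_order_signed(SAMPLE_A), out_of_order_unsigned(SAMPLE_A));
    printf("83-02: signed=%d unsigned=%d\n",
           out_of_order_signed(SAMPLE_B), out_of_order_unsigned(SAMPLE_B));
    printf("sign-dependent pairs: %d of 65536\n", count_sign_dependent_pairs());
    return 0;
}
```

The verdict flips exactly when one endpoint of the range is below 0x80 and the other is at or above it, which is why both quoted inputs mix a low byte with a high byte.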