Report information
The Basics
Id:
35757
Status:
resolved
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
David Ramos <daramos@stanford.edu>
Cc:
AdminCc:
BugTracker
Version Fixed:
9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
(no value)
Severity:
(no value)
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Server
Area:
bug
Attachments
sig_fromfile-OOB.patch signature.asc
Dates
Created:Sun, 13 Apr 2014 20:24:01 -0400
Updated:Wed, 02 Aug 2017 20:49:25 -0400
Closed:Tue, 29 Apr 2014 00:44:13 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Sun, 13 Apr 2014 20:24:03 -0400 David Ramos <daramos@stanford.edu> - Ticket created
Subject: [PATCH] out-of-bounds dereference in sig_fromfile
Date: Sun, 13 Apr 2014 17:23:25 -0700
To: bind9-bugs@isc.org
From: David Ramos <daramos@stanford.edu>

Hello, Our UC-KLEE tool found an out-of-bounds dereference in the bin/tests/dst/t_dst.c regression test. When the signature file contains an odd number of non-newline bytes, the loop in sig_fromfile will attempt to read one byte past the end of the buffer. Clearly a bug in one of the regression tests isn't an urgent matter, but it's probably worth fixing in case the code ever gets copied elsewhere. The bug occurs in the latest git HEAD. Attached is a proposed fix. Thanks, -David
sig_fromfile-OOB.patch

Message body not shown because it is not plain text.


signature.asc

Message body not shown because it is not plain text.

Sun, 13 Apr 2014 21:45:55 -0400 Mark Andrews <marka@isc.org> - Status changed from 'new' to 'open'
Sun, 13 Apr 2014 21:45:55 -0400 Mark Andrews <marka@isc.org> - Queue changed from #6 to #7
  Sun, 13 Apr 2014 21:47:44 -0400 Mark Andrews <marka@isc.org> - Correspondence added

Thanks. We will most probably apply a different and more extensive fix.
Sun, 13 Apr 2014 21:59:54 -0400 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'stalled'
Tue, 29 Apr 2014 00:44:12 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.8.8,9.9.6,9.9.6(sub),9.10.1,9.11.0 added
  Tue, 29 Apr 2014 00:44:12 -0400 Mark Andrews <marka@isc.org> - Correspondence added

No changes note: improve error handling in sig_fromfile. This will be in 9.8.8,9.9.6,9.9.6(sub),9.10.1,9.11.0
Tue, 29 Apr 2014 00:44:13 -0400 The RT System itself - Status changed from 'stalled' to 'open'
Tue, 29 Apr 2014 00:44:13 -0400 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'resolved'
Tue, 29 Apr 2014 00:44:13 -0400 Mark Andrews <marka@isc.org> - Queue changed from #7 to #30
Tue, 02 Aug 2016 16:46:02 -0400 Vicky Risk <vicky@isc.org> - Area bug added
Tue, 02 Aug 2016 16:46:02 -0400 Vicky Risk <vicky@isc.org> - Component BIND Server added
Wed, 21 Jun 2017 14:35:53 -0400 Brian Conry <bconry@isc.org> - Queue changed from #30 to #6
Mon, 26 Jun 2017 16:32:08 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public
Wed, 02 Aug 2017 20:49:25 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.8.8,9.9.6,9.9.6(sub),9.10.1,9.11.0 changed to 9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0