clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1062 from xiaoxiaoafeifei/master

Browse Source 
Fix potential overflow bug while parsing port in function cfg_mark_ports
This commit is contained in:
Wouter Wijngaards 2024-05-07 14:02:21 +02:00 committed by GitHub
commit 49569b81aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 50 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
util/config_file.c
View File

@ -42,6 +42,7 @@
#include "config.h" #include "config.h"
#include <ctype.h> #include <ctype.h>
#include <stdarg.h> #include <stdarg.h>
#include <errno.h>
#ifdef HAVE_TIME_H #ifdef HAVE_TIME_H
#include <time.h> #include <time.h>
#endif #endif
@ -1772,6 +1773,38 @@ init_outgoing_availports(int* a, int num)
} }
} }
static int
extract_port_from_str(const char* str, int max_port) {
char* endptr;
if (str == NULL || *str == '\0') {
log_err("str: '%s' is invalid", str);
return -1;
}
long int value = strtol(str, &endptr, 10);
if ((endptr == str) || (*endptr != '\0')) {
log_err("cannot parse port number '%s'", str);
return -1;
}
if (errno == ERANGE) {
log_err("overflow occurred when parsing '%s'", str);
return -1;
}
if (value == 0 && strcmp(str, "0") != 0) {
log_err("cannot parse port number '%s'", str);
return -1;
}
if (value < 0 || value >= max_port) {
log_err(" '%s' is out of bounds [0, %d)", str, max_port);
return -1;
}
return (int)value;
}
int int
cfg_mark_ports(const char* str, int allow, int* avail, int num) cfg_mark_ports(const char* str, int allow, int* avail, int num)
{ {
@ -1782,53 +1815,44 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
"options"); "options");
#endif #endif
if(!mid) { if(!mid) {
int port = atoi(str); int port = extract_port_from_str(str, num);
if(port < 0) { if (port < 0) {
log_err("port number is negative: %d", port); log_err("Failed to parse the port number");
return 0; return 0;
} }
if(port == 0 && strcmp(str, "0") != 0) { avail[port] = (allow?port:0);
log_err("cannot parse port number '%s'", str);
return 0;
}
if(port < num)
avail[port] = (allow?port:0);
} else { } else {
int i, low, high = atoi(mid+1);
char buf[16]; char buf[16];
if(high < 0) { int i, low;
log_err("port number is negative: %d", high); int high = extract_port_from_str(mid+1, num);
return 0; if (high < 0) {
} log_err("Failed to parse the port number");
if(high == 0 && strcmp(mid+1, "0") != 0) {
log_err("cannot parse port number '%s'", mid+1);
return 0; return 0;
} }
if( (int)(mid-str)+1 >= (int)sizeof(buf) ) { if( (int)(mid-str)+1 >= (int)sizeof(buf) ) {
log_err("cannot parse port number '%s'", str); log_err("cannot parse port number '%s'", str);
return 0; return 0;
} }
if(mid > str) if(mid > str)
memcpy(buf, str, (size_t)(mid-str)); memcpy(buf, str, (size_t)(mid-str));
buf[mid-str] = 0; buf[mid-str] = 0;
low = atoi(buf); low = extract_port_from_str(buf, num);
if(low < 0) { if (low < 0) {
log_err("port number is negative: %d", low); log_err("Failed to parse the port number");
return 0; return 0;
} }
if(low == 0 && strcmp(buf, "0") != 0) {
log_err("cannot parse port number '%s'", buf); if (low > high) {
log_err("Low value is greater than high value");
return 0; return 0;
} }
if(high > num) {
/* Stop very high values from taking a long time. */
high = num;
}
for(i=low; i<=high; i++) { for(i=low; i<=high; i++) {
if(i < num) if(i < num)
avail[i] = (allow?i:0); avail[i] = (allow?i:0);
} }
return 1;
} }
return 1; return 1;
} }