Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0015-Fix-coverity-issues-in-dnssec.c.patch (backport from upstream) -- From 82c23fb1f0d9e46c6ce4bc4a57f0d377cc6089b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 3 Sep 2021 22:51:36 +0200 Subject: [PATCH 15/15] Fix coverity issues in dnssec.c diff --git a/src/dnssec.c b/src/dnssec.c index 94ebb6f..8800a5b 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -724,7 +724,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in /* namebuff used for workspace above, restore to leave unchanged on exit */ p = (unsigned char*)(rrset[0]); - extract_name(header, plen, &p, name, 1, 0); + if (!extract_name(header, plen, &p, name, 1, 0)) + return STAT_BOGUS; if (key) { @@ -1017,7 +1018,9 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char } p = (unsigned char *)(header+1); - extract_name(header, plen, &p, name, 1, 4); + if (!extract_name(header, plen, &p, name, 1, 4)) + return STAT_BOGUS; + p += 4; /* qtype, qclass */ /* If the key needed to validate the DS is on the same domain as the DS, we'll -- 2.31.1