[dns-operations] Robert Graham - A Quick Review of the BIND9 Code.

Evan Hunt each at isc.org
Thu Jul 30 23:41:06 UTC 2015


On Thu, Jul 30, 2015 at 05:58:31PM -0400, Robert Edmonds wrote:
> Can you confirm that American Fuzzy Lop was the tool that was used to
> discover this vulnerability?

Yes.

> Is the ISC team working on adding AFL fuzzing to the BIND development
> process?

Yes.

> However, the correctness of the dns_message_findname() function doesn't
> depend on the value of *name.  The function only writes to *name.
> Requiring that callers always set *name to NULL is thus just busywork.

If *name is already set to something else, then you might be overwriting
data that was important. The contract requires it to be NULL so that we
catch coding errors.

In this particular case, overwriting *name would have been harmless, but
you can't guarantee that it will always be so.

I've caught lots and lots of bugs before they were released (and
regrettably some after) because we had REQUIREs in place to catch the
mistakes.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
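As an added illustration of the precondition contract Evan describes above (example code written for this page, not BIND's own; the name table, `find_name` and the caller functions are hypothetical, and this `REQUIRE` records the violation and returns an error code where ISC's real macro aborts the process, so the check is observable in a test):

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for ISC's REQUIRE(): counts the violation and fails the call
 * instead of aborting, so a test can see the contract being enforced. */
static int require_failures = 0;
#define REQUIRE(cond) \
    do { if (!(cond)) { require_failures++; return RESULT_PRECONDITION; } } while (0)

enum result { RESULT_SUCCESS = 0, RESULT_NOTFOUND = 1, RESULT_PRECONDITION = 2 };

/* Hypothetical name record and a constructed section to search. */
struct name { const char *text; };
static struct name section[] = { { "example.com." }, { "ns1.example.com." } };

/* Lookup in the style of dns_message_findname(): on success the matching
 * record's address is written through *namep. The contract demands that
 * *namep be NULL on entry, so a caller still holding a pointer there
 * cannot have it silently overwritten. */
enum result find_name(const char *target, struct name **namep)
{
    REQUIRE(namep != NULL);
    REQUIRE(*namep == NULL);
    for (size_t i = 0; i < sizeof(section) / sizeof(section[0]); i++) {
        if (strcmp(section[i].text, target) == 0) {
            *namep = &section[i];
            return RESULT_SUCCESS;
        }
    }
    return RESULT_NOTFOUND;
}

/* Correct caller: the out-pointer is cleared before every lookup. */
enum result lookup_correct(const char *target, const char **found)
{
    struct name *n = NULL;
    enum result r = find_name(target, &n);
    *found = (r == RESULT_SUCCESS) ? n->text : NULL;
    return r;
}

/* Buggy caller: reuses the out-pointer from a previous lookup without
 * clearing it. Without the REQUIRE the first result would be lost
 * silently; with it the coding error is caught at the call. */
enum result lookup_reusing_pointer(void)
{
    struct name *n = NULL;
    if (find_name("example.com.", &n) != RESULT_SUCCESS)
        return RESULT_NOTFOUND;
    return find_name("ns1.example.com.", &n); /* *namep is non-NULL here */
}
```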