| CARVIEW |
Select Language
HTTP/2 302
date: Tue, 15 Jul 2025 03:55:02 GMT
content-length: 0
location: https://github.com/NLnetLabs/unbound/pull/1062
server-timing: nginx;desc="NGINX";dur=0.939821,glb;desc="GLB";dur=95.44878
x-voltron-version: 6a3bf42
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: _gh_sess=qxgKZ2%2F%2FYrDoQPWdUDJSuw3equbrTO7v2Nz8lnOgBrCOgasKQHHcQ3rKCKYWnAb1LcUbLnQtW%2BfWLWZ%2BTMMz%2FIx4tZfuat1126Pm8FkAVKUVNe%2BPvVuIiTRsMMCSZSoo1SfPcDC4fYbM8MkS8cKUVZQtm3SO9tAIvcNefRsFtNnt4W3EAwkUvSLcD1qOKrrn8B%2FN82%2BGg7e%2B5XgpMxhYEdlFIyIVyLrJJeF%2BwkbIV4PEM8flJQF2R4dVmn8NIyI70l8RNpuBvV3OzOec181hHQ%3D%3D--5BWed7nhphtFfL12--ktmMZX1GxFWipnJX%2FnKXfg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.876749319.1752551701; Path=/; Domain=github.com; Expires=Wed, 15 Jul 2026 03:55:01 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Wed, 15 Jul 2026 03:55:01 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 9D4A:3F687B:3FD08:5185D:6875D115
HTTP/2 200
date: Tue, 15 Jul 2025 03:55:02 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: pull_request_layout-fragment;desc="pull_request_layout fragment";dur=325.722645,conversation_content-fragment;desc="conversation_content fragment";dur=578.444345,conversation_sidebar-fragment;desc="conversation_sidebar fragment";dur=346.890419,nginx;desc="NGINX";dur=0.882704,glb;desc="GLB";dur=95.75961
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 6a3bf42
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
x-github-request-id: 9D4A:3F687B:3FD55:518A3:6875D115
Fix potential overflow bug while parsing port in function cfg_mark_ports by xiaoxiaoafeifei · Pull Request #1062 · NLnetLabs/unbound · GitHub
Skip to content
Navigation Menu
{{ message }}
-
-
Notifications
You must be signed in to change notification settings - Fork 397
Fix potential overflow bug while parsing port in function cfg_mark_ports #1062
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wcawijngaards
approved these changes
May 7, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice to check for more error conditions. I cannot spot where it would have had negative numbers from the string.
wcawijngaards
added a commit
that referenced
this pull request
May 7, 2024
and redundant check for array size. And changelog note for merge of #1062.
|
Thank you for the contribution! The fixup commit moves a declaration before statements to avoid a warning, then avoids printing a null value on error, just in case, and adds a redundant check on array size, also just for extra certainty. The pull request should catch unknown characters in that string and also range errors and that is nice to have. |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this pull request
May 7, 2024
* nlnet/master: (45 commits) - Fix for NLnetLabs#1062: declaration before statement, avoid print of null, and redundant check for array size. And changelog note for merge of NLnetLabs#1062. Fix potential overflow bug while parsing port in function cfg_mark_ports - Set version number to 1.20.0 for release. - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li from the Network and Information Security Lab of Tsinghua University for reporting it. - Fix doxygen comment for errinf_to_str_bogus. - Cleanup unnecessary strdup calls for EDE strings. - Man page entry for unbound-checkconf -q. - Fix NLnetLabs#876: [FR] can unbound-checkconf be silenced when configuration is valid? - Add unit tests for cachedb and subnet cache expired data. - Fix cachedb with serve-expired-client-timeout disabled. The edns subnet module deletes global cache and cachedb cache when it stores a result, and serve-expired is enabled, so that the global reply, that is older than the ecs reply, does not return after the ecs reply expires. - Fix doc unit test for out of directory build. - Fix to disable fragmentation on systems with IP_DONTFRAG, with a nonzero value for the socket option argument. Changelog note for NLnetLabs#1041 and NLnetLabs#1038. - Merge NLnetLabs#1041: Stub and Forward unshare. This has one structure for them and fixes NLnetLabs#1038: fatal error: Could not initialize thread / error: reading root hints. Update locking management for iter_fwd and iter_hints methods. (NLnetLabs#1054) - Fix configure flto check error, by finding grep for it. - Fix ci workflow for macos for moved install locations. - Merge NLnetLabs#1053: Remove child delegations from cache when grandchild delegations are returned from parent. - When a granchild delegation is returned, remove any cached child delegations up to parent to not cause delegation invalidation because of an expired child delegation that would never be updated. Most likely to happen without qname-minimisation. Reported by Roland van Rijswijk-Deij. - Fix edns subnet to sort rrset references when storing messages in the cache. This fixes a race condition in the rrset locks. - Add checklock feature verbose_locking to trace locks and unlocks. ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You can’t perform that action at this time.
Fix potential overflow bugs caused by the following situations: use strtol function instead of atoi function