> Note that it's not possible to reach this code with a DoH dns parameter
> value containing any character greater than 0x7F at present, as the
> parser used to extract the value before calling this code is extremely
> strict and will reject the query.  There is no other use of this code as
> of this writing.

Thanks, that matches what I found tracing the callers - I couldn't get a
high-bit byte through the front-end parser either, so I agree this isn't
reachable today and the practical impact is nil. I sent it as hardening
of the decoder itself so it stays safe if it's ever called from a less
strict path.

> While the signed issue here should be fixed in my personal opinion, this
> issue is purely theoretical at this point.

Agreed on both counts.

> In any case, the bind-users is a wrong place to report bugs like this. I
> would ask the OP to report this as an issue in our GitLab [...]

Understood, sorry for the noise here. I'll open a GitLab issue with the
details and the patch so it doesn't get lost, and drop the theoretical/
not-currently-reachable context in there too.

Ismail
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list.
