From 0457b397418afbeed72d627cda199071a633aa30 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sat, 3 Dec 2016 16:52:42 +0000
Subject: [PATCH] SECURITY: Make GETIL_B always have type `unsigned', not `int'

Otherwise unwanted sign extension can easily occur when converting
from the implicit int to unsigned long, eg in GET_L.

Without this, ttls and the 32-bit SOA fields can be sign-extended,
exposing invalid values to the application.

Found by AFL 2.35b.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 src/internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/internal.h b/src/internal.h
index 00cf825..43f6d43 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -934,7 +934,7 @@ static inline int errno_resources(int e) { return e==ENOMEM || e==ENOBUFS; }
   (( ((sz)+sizeof(union maxalign)-1) / sizeof(union maxalign) )	\
    * sizeof(union maxalign) )
 
-#define GETIL_B(cb) (((dgram)[(cb)++]) & 0x0ff)
+#define GETIL_B(cb) (((dgram)[(cb)++]) & 0x0ffu)
 #define GET_B(cb,tv) ((tv)= GETIL_B((cb)))
 #define GET_W(cb,tv) ((tv)=0,(tv)|=(GETIL_B((cb))<<8), (tv)|=GETIL_B(cb), (tv))
 #define GET_L(cb,tv) ( (tv)=0,				\
-- 
2.30.2