From 1256bbda2fb2cfdac972aeb2a29341268c18843b Mon Sep 17 00:00:00 2001
From: Michael Saxl
Date: Mon, 4 Apr 2022 15:33:45 +0200
Subject: [PATCH] dlz_bind9: call dns_name_is_static before adding space for record fix for https://bugzilla.samba.org/show_bug.cgi?id=15040 dns_name_is_static is called after adding a uninitialized element to recs. There is a chance that the uninizialized memory reads a element with dwTimeStamp=0 and wType!=0. In that case dns_name_is_static will return true
Signed-off-by: Micahel Saxl
---
 source4/dns_server/dlz_bind9.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 0bd55f1..9a30160 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1955,7 +1955,14 @@ _PUBLIC_ isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, vo
 }
 if (i == num_recs) {
- /* adding a new value */
+ /* set dwTimeStamp before increasing num_recs */
+ if (dns_name_is_static(recs, num_recs)) {
+ rec->dwTimeStamp = 0;
+ } else {
+ rec->dwTimeStamp = unix_to_dns_timestamp(time(NULL));
+ }
+
+ /* adding space for a new value */
 recs = talloc_realloc(rec, recs, struct dnsp_DnssrvRpcRecord, num_recs + 1);
@@ -1965,12 +1972,6 @@ _PUBLIC_ isc_result_t dlz_addrdataset(const char *name, const char *rdatastr, vo
 goto exit;
 }
 num_recs++;
-
- if (dns_name_is_static(recs, num_recs)) {
- rec->dwTimeStamp = 0;
- } else {
- rec->dwTimeStamp = unix_to_dns_timestamp(time(NULL));
- }
 }
 recs[i] = *rec;
--
2.32.0
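Review bot: The added comment `/* set dwTimeStamp before increasing num_recs */` in the first hunk records the ordering but not the reason for it, so a later cleanup could move the dns_name_is_static() call back below talloc_realloc() without noticing the hazard. I would word it as `/* classify from the existing num_recs entries only: the slot talloc_realloc() adds below is uninitialised until recs[i] = *rec */`. The call now also runs with num_recs == 0 when the name has no records yet. What dns_name_is_static() returns for an empty set is not visible here and is worth confirming, because a "static" answer stores the new record with dwTimeStamp = 0, which presumably exempts it from aging. The enclosing dlz_addrdataset() starts and ends outside the hunk.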