This patch fixes a bug in rbldnsd (many versions prior to and
including 0.994) where, in case of bad input data (zone file),
rbldnsd instead of rejecting the line will add it to the dataset
but with uninitialized result pointer, which can lead to crash
(SIGSEGV).  The problem only happens with ip4set and ip4trie
dataset types (not with ip4tset), and only if the input data
line have valid ip address but wrong A+TXT template (eg, invalid
A value).  The problem is not exploitable (the memory referenced
for reading only), the only bad thing that can happen is crash
(ie, DoS).

/mjt

Index: rbldnsd_ip4set.c
===================================================================
RCS file: /ws/CVS/rbldnsd/rbldnsd_ip4set.c,v
retrieving revision 1.39
diff -u -u -p -r1.39 rbldnsd_ip4set.c
--- rbldnsd_ip4set.c	13 Dec 2004 01:22:31 -0000	1.39
+++ rbldnsd_ip4set.c	15 Apr 2005 21:43:12 -0000
@@ -128,7 +128,7 @@ ds_ip4set_line(struct dataset *ds, char 
     if (!*s || ISCOMMENT(*s))
       rr = dsd->def_rr;
     else if (!(rrl = parse_a_txt(s, &rr, dsd->def_rr, dsc)))
-      dswarn(dsc, "invalid value");
+      return 1;
     else if (!(rr = mp_dmemdup(ds->ds_mp, rr, rrl)))
       return 0;
   }
Index: rbldnsd_ip4trie.c
===================================================================
RCS file: /ws/CVS/rbldnsd/rbldnsd_ip4trie.c,v
retrieving revision 1.12
diff -u -u -p -r1.12 rbldnsd_ip4trie.c
--- rbldnsd_ip4trie.c	13 Dec 2004 01:22:31 -0000	1.12
+++ rbldnsd_ip4trie.c	15 Apr 2005 21:43:12 -0000
@@ -213,7 +213,7 @@ ds_ip4trie_line(struct dataset *ds, char
     if (!*s || ISCOMMENT(*s))
       rr = dsd->def_rr;
     else if (!(rrl = parse_a_txt(s, &rr, dsd->def_rr, dsc)))
-      dswarn(dsc, "invalid value");
+      return 1;
     else if (!(rr = mp_dmemdup(ds->ds_mp, rr, rrl)))
       return 0;
   }