--- /dev/null
+diff -up ldns-1.6.17/keys.c.dsa ldns-1.6.17/keys.c
+--- ldns-1.6.17/keys.c.dsa 2014-01-10 22:04:41.000000000 +0100
++++ ldns-1.6.17/keys.c 2014-03-18 17:54:34.751742493 +0100
+@@ -1324,7 +1324,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ /* See RFC2536 */
+ *size = (uint16_t)BN_num_bytes(k->p);
+ T = (*size - 64) / 8;
+- memcpy(data, &T, 1);
+
+ if (T > 8) {
+ #ifdef STDERR_MSGS
+@@ -1335,12 +1334,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ }
+
+ /* size = 64 + (T * 8); */
++ memset(data, 0, 21 + *size * 3);
+ data[0] = (unsigned char)T;
+ BN_bn2bin(k->q, data + 1 ); /* 20 octects */
+ BN_bn2bin(k->p, data + 21 ); /* offset octects */
+- BN_bn2bin(k->g, data + 21 + *size); /* offset octets */
+- BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
+- *size = 21 + (*size * 3);
++ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
++ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
++ *size = 21 + *size * 3;
+ return true;
+ }
+