- Fix #1316: heap read buffer overflow in parse_edns_options.

git-svn-id: file:///svn/unbound/trunk@4240 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 3a2d5232d65719b3ffa370b1c79fd426e554fe0e..11d284de6fb367e9e282a61597dae82a2b1cd3c9 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+21 June 2017: Wouter
+       - Fix #1316: heap read buffer overflow in parse_edns_options.
+
 20 June 2017: Wouter
        - Fix warning in pythonmod under clang compiler.
        - Tag 1.6.4rc1

diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index 5381500e1523f1361526008f78a03c32d89a5488..288720068b106351ca725d11d7ce48e405032da6 100644 (file)
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -1018,7 +1018,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns,
        edns->opt_list = NULL;
 
        /* take the options */
-       rdata_len = found->rr_first->size;
+       rdata_len = found->rr_first->size-2;
        rdata_ptr = found->rr_first->ttl_data+6;
        if(!parse_edns_options(rdata_ptr, rdata_len, edns, region))
                return 0;