From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 21 Jun 2017 11:50:39 +0000 (+0000)
Subject: - Fix #1316: heap read buffer overflow in parse_edns_options.
X-Git-Tag: release-1.6.4rc2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=062515d9bc19adc4d353c9626eb845b5104fc93a;p=thirdparty%2Funbound.git

- Fix #1316: heap read buffer overflow in parse_edns_options.


git-svn-id: file:///svn/unbound/trunk@4240 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 3a2d5232d..11d284de6 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+21 June 2017: Wouter
+	- Fix #1316: heap read buffer overflow in parse_edns_options.
+
 20 June 2017: Wouter
 	- Fix warning in pythonmod under clang compiler.
 	- Tag 1.6.4rc1
diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index 5381500e1..288720068 100644
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -1018,7 +1018,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns,
 	edns->opt_list = NULL;
 
 	/* take the options */
-	rdata_len = found->rr_first->size;
+	rdata_len = found->rr_first->size-2;
 	rdata_ptr = found->rr_first->ttl_data+6;
 	if(!parse_edns_options(rdata_ptr, rdata_len, edns, region))
 		return 0;