From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 18 Jun 2025 15:01:35 +0000 (+0200)
Subject: - xfr-tsig, test buffer size.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa22fd936e3fd0a97b84d235081420771c123bbe;p=thirdparty%2Funbound.git

- xfr-tsig, test buffer size.
---

diff --git a/util/tsig.c b/util/tsig.c
index 7a82848d3..18c04a3b4 100644
--- a/util/tsig.c
+++ b/util/tsig.c
@@ -771,6 +771,13 @@ tsig_sign_query(struct tsig_data* tsig, struct sldns_buffer* pkt,
 	 * u16 fudge, u16 error, u16 other_len, <data> other_data. */
 	/* That fits in the current buffer, since the reserved space for
 	 * the TSIG record is larger. */
+	if(!sldns_buffer_available(pkt, tsig->key_name_len + 2 + 4
+		+ key->algo->wireformat_name_len + 6 + 2 + 2
+		+ 2 + tsig->other_len)) {
+		/* Buffer is too small */
+		lock_rw_unlock(&key_table->lock);
+		return 0;
+	}
 
 	/* Write uncompressed TSIG owner, it is the key name. */
 	sldns_buffer_write(pkt, tsig->key_name, tsig->key_name_len);