- Fix Out-of-bounds Read in rr_comment_dnskey(),

  reported by X41 D-Sec.

diff --git a/doc/Changelog b/doc/Changelog
index 823d837a142f4a819ea05436319400dda16d6e9a..9803ae8ccca41a2d1788eb324db4369de8f8a24b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,8 @@
          reported by X41 D-Sec.
        - Fix Unchecked NULL Pointer in dns64_inform_super()
          and ipsecmod_new(), reported by X41 D-Sec.
+       - Fix Out-of-bounds Read in rr_comment_dnskey(),
+         reported by X41 D-Sec.
 
 18 November 2019: Wouter
        - In unbound-host use separate variable for get_option to please

diff --git a/sldns/wire2str.c b/sldns/wire2str.c
index 01ec84b3c50696b21135c866d5fc1c18f257e94d..f4f52abeb31ff1ad8c586a02569ade7c28b6037a 100644 (file)
--- a/sldns/wire2str.c
+++ b/sldns/wire2str.c
@@ -585,6 +585,7 @@ static int rr_comment_dnskey(char** s, size_t* slen, uint8_t* rr,
        if(rrlen < dname_off + 10) return 0;
        rdlen = sldns_read_uint16(rr+dname_off+8);
        if(rrlen < dname_off + 10 + rdlen) return 0;
+       if(rdlen < 2) return 0;
        rdata = rr + dname_off + 10;
        flags = (int)sldns_read_uint16(rdata);
        w += sldns_str_print(s, slen, " ;{");