Fix: buffer overflow bug

Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to
function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as 2nd
parameter to function 'rrinternal_parse_rdata' at str2wire.c:775, where
it is accessed by unacceptable index. This may lead to buffer overflow.

on-behalf-of: @ideco-team <github@ideco.ru>

diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 293abf79a629b71d49e1b713d74e91921cffe3d8..8c6664cde79f7d1e880b45d2f54c116fe5a6a076 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -601,7 +601,7 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len,
        size_t addstrlen = 0;
 
        /* add space */
-       if(addlen < 1) return 0;
+       if(addlen < 2) return 0;
        token[*token_strlen] = ' ';
        token[++(*token_strlen)] = 0;