Changelog entry for #532

- Merge PR #532 from Shchelk: Fix: buffer overflow bug.

diff --git a/doc/Changelog b/doc/Changelog
index 56da7994bffaedc6822ec7f4277dd17801051915..8c992c4bfb1b3eb009fcd8e30f41c29408325744 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+2 February 2022: George
+       - Merge PR #532 from Shchelk: Fix: buffer overflow bug.
+
 1 February 2022: George
        - Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
          internals.

diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 769ba1b795bc87911fee469d580378bf48dd1086..d2cefae1c09e6f7082c17e0de34af8489d45ac7e 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -604,6 +604,9 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len,
        size_t addstrlen = 0;
 
        /* add space */
+       /* when addlen < 2, the token buffer is full considering the NULL byte
+        * from strlen and will lead to buffer overflow with the second
+        * assignement below. */
        if(addlen < 2) return 0;
        token[*token_strlen] = ' ';
        token[++(*token_strlen)] = 0;