RRSIG: reject records with empty SIG section

author Mark Andrews <marka@isc.org>

Mon, 17 Aug 2020 01:21:41 +0000 (11:21 +1000)

committer Ondřej Surý <ondrej@sury.org>

Tue, 18 Aug 2020 09:04:05 +0000 (11:04 +0200)
author Mark Andrews <marka@isc.org>
Mon, 17 Aug 2020 01:21:41 +0000 (11:21 +1000)
committer Ondřej Surý <ondrej@sury.org>
Tue, 18 Aug 2020 09:04:05 +0000 (11:04 +0200)
diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c

index 0c63e1e9c4b41061c3a94fb665f4859f9a870514..a247964883be467361f0dfb54780cea3d46df70b 100644 (file)
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@@ -311,6 +311,9 @@ fromwire_rrsig(ARGS_FROMWIRE) {
          * Sig.
          */
         isc_buffer_activeregion(source, &sr);
+       if (sr.length < 1) {
+               return (DNS_R_FORMERR);
+       }
         isc_buffer_forward(source, sr.length);
         return (mem_tobuffer(target, sr.base, sr.length));
  }
author	Mark Andrews <marka@isc.org>
	Mon, 17 Aug 2020 01:21:41 +0000 (11:21 +1000)
committer	Ondřej Surý <ondrej@sury.org>
	Tue, 18 Aug 2020 09:04:05 +0000 (11:04 +0200)