From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 24 Sep 2019 14:50:27 +0000 (+0200)
Subject: * bugfix #70: heap Out-of-bound Read vulnerability in
X-Git-Tag: 1.8.0-rc.1~79^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15d96206996bea969fbc918eb0a4a346f514b9f3;p=thirdparty%2Fldns.git

* bugfix #70: heap Out-of-bound Read vulnerability in
  rr_frm_str_internal reported by pokerfacett.
---

diff --git a/Changelog b/Changelog
index 5972c261..8d8a1a3f 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+...
+	* bugfix #70: heap Out-of-bound Read vulnerability in
+	  rr_frm_str_internal reported by pokerfacett.
+
 1.7.1	2019-07-26
 	* bugfix: Manage verification paths for OpenSSL >= 1.1.0
 	  Thanks Marco Davids
diff --git a/rr.c b/rr.c
index 6642aca7..adf67ae4 100644
--- a/rr.c
+++ b/rr.c
@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 				ldns_buffer_remaining(rd_buf) > 0){
 
 			/* skip spaces */
-			while (*(ldns_buffer_current(rd_buf)) == ' ') {
+			while (sldns_buffer_remaining(strbuf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == ' ') {
 				ldns_buffer_skip(rd_buf, 1);
 			}
 
-			if (*(ldns_buffer_current(rd_buf)) == '\"') {
+			if (sldns_buffer_remaining(strbuf) > 0 &&
+				*(ldns_buffer_current(rd_buf)) == '\"') {
 				delimiters = "\"\0";
 				ldns_buffer_skip(rd_buf, 1);
 				quoted = true;
-			} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+			}
+			if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
 					== LDNS_RDF_TYPE_LONG_STR) {
 
 				status = LDNS_STATUS_SYNTAX_RDATA_ERR;