From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 19 Nov 2019 09:09:44 +0000 (+0100)
Subject: - Fix authzone printout buffer length check.
X-Git-Tag: release-1.9.6rc1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16bbfc34613f31bf5a206eab91ecffc6c3b0f18a;p=thirdparty%2Funbound.git

- Fix authzone printout buffer length check.
---

diff --git a/doc/Changelog b/doc/Changelog
index bbdb34190..8debaf4a9 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
 	- 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
+	- Fix authzone printout buffer length check.
 
 18 November 2019: Wouter
 	- In unbound-host use separate variable for get_option to please
diff --git a/services/authzone.c b/services/authzone.c
index 585f86505..9bfea7c3d 100644
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -1654,7 +1654,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl,
 	}
 	w += sldns_str_print(&s, &slen, "\n");
 
-	if(w > (int)buflen) {
+	if(w >= (int)buflen) {
 		log_nametypeclass(0, "RR too long to print", nm, tp, cl);
 		return 0;
 	}