From: Mark Andrews <marka@isc.org>
Date: Thu, 13 Aug 2020 03:21:46 +0000 (+1000)
Subject: NSEC3PARAM: check that saltlen is consistent with the rdata length
X-Git-Tag: v9.17.5~50^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7dc8e720ff1360837fc8c0649445bcaa2b1236d4;p=thirdparty%2Fbind9.git

NSEC3PARAM: check that saltlen is consistent with the rdata length
---

diff --git a/lib/dns/rdata/generic/nsec3param_51.c b/lib/dns/rdata/generic/nsec3param_51.c
index a064d43cc6c..0ea3103f8e9 100644
--- a/lib/dns/rdata/generic/nsec3param_51.c
+++ b/lib/dns/rdata/generic/nsec3param_51.c
@@ -160,7 +160,7 @@ fromwire_nsec3param(ARGS_FROMWIRE) {
 	saltlen = sr.base[4];
 	isc_region_consume(&sr, 5);
 
-	if (sr.length < saltlen) {
+	if (sr.length != saltlen) {
 		RETERR(DNS_R_FORMERR);
 	}
 	isc_region_consume(&sr, saltlen);