From: Mark Andrews <marka@isc.org>
Date: Sat, 15 Aug 2020 00:12:50 +0000 (+1000)
Subject: A6: return FORMERR in fromwire if bits are non zero.
X-Git-Tag: v9.17.5~43^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8452404bd7facb89790c32bab508f55bf8d37cea;p=thirdparty%2Fbind9.git

A6: return FORMERR in fromwire if bits are non zero.

oss_fuzz: Issue 24864: bind9:dns_rdata_fromwire_text_fuzzer: Overwrites-const-input in dns_rdata_fromwire_text_fuzzer
---

diff --git a/lib/dns/rdata/in_1/a6_38.c b/lib/dns/rdata/in_1/a6_38.c
index ac721aad4cb..d69c5d3dc2c 100644
--- a/lib/dns/rdata/in_1/a6_38.c
+++ b/lib/dns/rdata/in_1/a6_38.c
@@ -182,7 +182,9 @@ fromwire_in_a6(ARGS_FROMWIRE) {
 			return (ISC_R_UNEXPECTEDEND);
 		}
 		mask = 0xff >> (prefixlen % 8);
-		sr.base[0] &= mask; /* Ensure pad bits are zero. */
+		if ((sr.base[0] & ~mask) != 0) {
+			return (DNS_R_FORMERR);
+		}
 		RETERR(mem_tobuffer(target, sr.base, octets));
 		isc_buffer_forward(source, octets);
 	}