From: Mark Andrews <marka@isc.org>
Date: Tue, 16 Jul 2013 22:03:50 +0000 (+1000)
Subject: 3621.   [security]      Incorrect bounds checking on private type 'keydata'
X-Git-Tag: v9.9.3-P2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f3c715e4159a12f0b5766f7a6bbf644a75ef2b9;p=thirdparty%2Fbind9.git

3621.   [security]      Incorrect bounds checking on private type 'keydata'
                        can lead to a remotely triggerable REQUIRE failure
                        (CVE-2013-4854). [RT #34238]

(cherry picked from commit fdb4ae8f6c00d8ea03bde929bd4e47056972017d)
---

diff --git a/CHANGES b/CHANGES
index 7eb60ad61fc..09fc4657ba0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3621.	[security]	Incorrect bounds checking on private type 'keydata'
+			can lead to a remotely triggerable REQUIRE failure
+			(CVE-2013-4854). [RT #34238]
+
 	--- 9.9.3-P1 released ---
 
 3584.	[security]	Caching data from an incompletely signed zone could
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 46bf6fce201..a2d83f456e4 100644
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -194,7 +194,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
 	UNUSED(options);
 
 	isc_buffer_activeregion(source, &sr);
-	if (sr.length < 4)
+	if (sr.length < 16)
 		return (ISC_R_UNEXPECTEDEND);
 
 	isc_buffer_forward(source, sr.length);