From: Mark Andrews <marka@isc.org>
Date: Fri, 14 Aug 2020 22:50:37 +0000 (+1000)
Subject: dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
X-Git-Tag: v9.17.5~43^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa811801cbfec1215f7faee77be9d0c68774914f;p=thirdparty%2Fbind9.git

dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
---

diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c
index e231168f1f2..06e73d451b5 100644
--- a/fuzz/dns_rdata_fromwire_text.c
+++ b/fuzz/dns_rdata_fromwire_text.c
@@ -95,7 +95,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	unsigned int classes = (sizeof(classlist) / sizeof(classlist[0]));
 	unsigned int types = 1, flags, t;
 
-	if (size < 2) {
+	/*
+	 * First 2 bytes are used to select type and class.
+	 * dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
+	 */
+	if (size < 2 || size > 0xffff + 2) {
 		return (0);
 	}