From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 3 Dec 2019 14:20:48 +0000 (+0100)
Subject: - Fix Assert Causing DoS in dname_pkt_copy(),
X-Git-Tag: release-1.9.6rc1~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2eb78e871153f22332d30c6647f3815148f21e5;p=thirdparty%2Funbound.git

- Fix Assert Causing DoS in dname_pkt_copy(),
  reported by X41 D-Sec.
---

diff --git a/doc/Changelog b/doc/Changelog
index 67f89849d..16b6d53c1 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -6,6 +6,8 @@
 	- Fix Assert Causing DoS in synth_cname(),
 	  reported by X41 D-Sec.
 	- Fix similar code in auth_zone synth cname to add the extra checks.
+	- Fix Assert Causing DoS in dname_pkt_copy(),
+	  reported by X41 D-Sec.
 
 2 December 2019: Wouter
 	- Merge pull request #122 from he32: In tcp_callback_writer(),
diff --git a/util/data/dname.c b/util/data/dname.c
index 71e14180d..0cca0a4e6 100644
--- a/util/data/dname.c
+++ b/util/data/dname.c
@@ -339,6 +339,10 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname)
 			lablen = *dname++;
 			continue;
 		}
+		if(lablen > LDNS_MAX_LABELLEN) {
+			*to = 0; /* end the result prematurely */
+			return;
+		}
 		log_assert(lablen <= LDNS_MAX_LABELLEN);
 		len += (size_t)lablen+1;
 		if(len >= LDNS_MAX_DOMAINLEN) {