From: W.C.A. Wijngaards Date: Wed, 20 Nov 2019 07:28:12 +0000 (+0100) Subject: - Fix Out of Bounds Read in rrinternal_get_owner(), X-Git-Tag: release-1.9.6rc1~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d79d75538bd3d23f6dbf67c782145e00b255fead;p=thirdparty%2Funbound.git - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. --- diff --git a/doc/Changelog b/doc/Changelog index 54c69a8f7..d02d74122 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +20 November 2019: Wouter + - Fix Out of Bounds Read in rrinternal_get_owner(), + reported by X41 D-Sec. + 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 7c91bbe3d..705cbc286 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -193,6 +193,9 @@ rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len, sldns_buffer_position(strbuf)); } + if(token_len < 2) /* make sure there is space to read "@" or "" */ + return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, + sldns_buffer_position(strbuf)); if(token[0]=='@' && token[1]=='\0') { uint8_t* tocopy; if (origin) {
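Review bot: In the sldns/str2wire.c hunk, the comment on the new `if(token_len < 2)` guard says it makes space to read `"@" or ""`, but what the guard actually protects is the pair of reads on the following line, `token[0]=='@' && token[1]=='\0'`; an empty string alone needs only one byte. Reword the comment to name those reads, for example `/* token[0] and token[1] are read below */`, so the reason for the constant 2 stays obvious if the comparison changes. The guarded `return RET_ERR(...)` also spans two lines without braces while the `if` directly after it uses them; bracing it would keep a later edit from detaching the return from its condition. A regression test that reaches rrinternal_get_owner() with token_len of 1 and expects LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL would pin the fix.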