From: Mark Andrews <marka@isc.org>
Date: Mon, 17 Aug 2020 01:21:41 +0000 (+1000)
Subject: RRSIG: reject records with empty SIG section
X-Git-Tag: v9.17.5~43^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6d7b8c20d7ad0ce5ea74c6ee6f76c68e1f7208b;p=thirdparty%2Fbind9.git

RRSIG: reject records with empty SIG section
---

diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c
index 0c63e1e9c4b..a247964883b 100644
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@@ -311,6 +311,9 @@ fromwire_rrsig(ARGS_FROMWIRE) {
 	 * Sig.
 	 */
 	isc_buffer_activeregion(source, &sr);
+	if (sr.length < 1) {
+		return (DNS_R_FORMERR);
+	}
 	isc_buffer_forward(source, sr.length);
 	return (mem_tobuffer(target, sr.base, sr.length));
 }