From: Shchelkunov Artem <a.shchelkunov@ideco.ru>
Date: Fri, 20 Aug 2021 14:45:54 +0000 (+0500)
Subject: Fix: buffer overflow bug
X-Git-Tag: release-1.15.0rc1~13^2~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F532%2Fhead;p=thirdparty%2Funbound.git

Fix: buffer overflow bug

Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to
function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as 2nd
parameter to function 'rrinternal_parse_rdata' at str2wire.c:775, where
it is accessed by unacceptable index. This may lead to buffer overflow.

on-behalf-of: @ideco-team <github@ideco.ru>
---

diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 293abf79a..8c6664cde 100644
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -601,7 +601,7 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len,
 	size_t addstrlen = 0;
 
 	/* add space */
-	if(addlen < 1) return 0;
+	if(addlen < 2) return 0;
 	token[*token_strlen] = ' ';
 	token[++(*token_strlen)] = 0;