From 136ec420437041fe13f344a2053e774f9050cc38 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards"
Date: Thu, 26 Sep 2019 09:27:29 +0200
Subject: [PATCH] * bugfix #51: Heap Out-of-bound Read vulnerability in ldns_nsec3_salt_data reported by pokerfacett.
---
 Changelog | 2 ++
 dnssec.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/Changelog b/Changelog
index 530fad89..e4685605 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,8 @@
 ...
 * bugfix #50: heap Out-of-bound Read vulnerability in
 rr_frm_str_internal reported by pokerfacett.
+ * bugfix #51: Heap Out-of-bound Read vulnerability in
+ ldns_nsec3_salt_data reported by pokerfacett.

 1.7.1 2019-07-26
 * bugfix: Manage verification paths for OpenSSL >= 1.1.0
diff --git a/dnssec.c b/dnssec.c
index 52c35ee7..482cefd6 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1332,6 +1332,8 @@ ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
 ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
 if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
 salt_length = ldns_rdf_data(salt_rdf)[0];
+ if((size_t)salt_length+1 > ldns_rdf_size(salt_rdf))
+ return NULL;
 salt = LDNS_XMALLOC(uint8_t, salt_length);
 if(!salt) return NULL;
 memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
--
2.47.3
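Review bot: The added `return NULL;` after the length check in ldns_nsec3_salt_data creates a new NULL case (a length octet that overruns the salt rdf) next to allocation failure, and nothing in the hunk documents it or lets a caller tell the two apart. Any caller that obtains the salt length separately, for instance through ldns_nsec3_salt_length() (not visible here, so this needs confirming), must treat a NULL salt as "do not use the length"; otherwise a malformed NSEC3 record can still lead to a read through a NULL pointer. I would put a comment above the check such as `/* salt rdf is <1-octet length><salt bytes>; reject a length octet that runs past the rdf */` and state in the function's doc comment that NULL is also returned for a malformed salt. A zero length octet passes the check and reaches `LDNS_XMALLOC(uint8_t, salt_length)` with a count of 0, where, assuming the macro maps to malloc, a NULL result is indistinguishable from an error. The function body starts and ends outside the hunk.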