From 3f3cadd416d6efa92ff2d548ac090f42cd79fee9 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Tue, 3 Dec 2019 16:01:31 +0100
Subject: [PATCH] - Fix Out of Bounds Write in sldns_str2wire_str_buf(),  
 reported by X41 D-Sec.

---
 doc/Changelog    | 2 ++
 sldns/str2wire.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/Changelog b/doc/Changelog
index aabdcec25..5c4cb3eb1 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -10,6 +10,8 @@
 	  reported by X41 D-Sec.
 	- Fix OOB Read in sldns_wire2str_dname_scan(),
 	  reported by X41 D-Sec.
+	- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
+	  reported by X41 D-Sec.
 
 2 December 2019: Wouter
 	- Merge pull request #122 from he32: In tcp_callback_writer(),
diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 705cbc286..eea9a38b8 100644
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -1103,7 +1103,7 @@ int sldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len)
 	while(sldns_parse_char(&ch, &s)) {
 		if(sl >= 255)
 			return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, s-str);
-		if(*len < sl+1)
+		if(*len < sl+2)
 			return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
 				s-str);
 		rd[++sl] = ch;
-- 
2.47.2