From e9e1b464a6009bc6b1699e990be8b4e9372662f4 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 17 Mar 2015 16:22:04 +0000
Subject: [PATCH] extra sanity check for integer overflow.

git-svn-id: file:///svn/unbound/trunk@3368 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 util/data/msgreply.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 68bcfd09e..c87c666ac 100644
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -87,6 +87,7 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
 	/* rrset_count-1 because the first ref is part of the struct. */
 	size_t s = sizeof(struct reply_info) - sizeof(struct rrset_ref) +
 		sizeof(struct ub_packed_rrset_key*) * total;
+	if(total >= 0xffffff) return NULL; /* sanity check on numRRS*/
 	if(region)
 		rep = (struct reply_info*)regional_alloc(region, s);
 	else	rep = (struct reply_info*)malloc(s + 
-- 
2.47.2