From fa23ee8f31ba9a018c720ea822faaee639dc7a9c Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards"
Date: Tue, 19 Nov 2019 16:54:44 +0100
Subject: [PATCH] - Fix Out of Bounds Write in sldns_bget_token_par(), reported by X41 D-Sec.
---
 doc/Changelog | 2 ++
 sldns/parse.c | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/doc/Changelog b/doc/Changelog
index e604158ac..54c69a8f7 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -15,6 +15,8 @@
 sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
 - Fix Out of Bounds Read in sldns_str2wire_dname(),
 reported by X41 D-Sec.
+ - Fix Out of Bounds Write in sldns_bget_token_par(),
+ reported by X41 D-Sec.
 18 November 2019: Wouter
 - In unbound-host use separate variable for get_option to please
diff --git a/sldns/parse.c b/sldns/parse.c
index b62c40597..b30264e88 100644
--- a/sldns/parse.c
+++ b/sldns/parse.c
@@ -325,8 +325,14 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim,
 if (c == '\n' && p != 0) {
 /* in parentheses */
 /* do not write ' ' if we want to skip spaces */
- if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' '))))
+ if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
+ /* check for space for the space character */
+ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+ *t = '\0';
+ return -1;
+ }
 *t++ = ' ';
+ }
 lc = c;
 continue;
 }
--
2.47.2
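Review bot: The early-exit path of the added guard in sldns/parse.c stores the terminator with `*t = '\0';` exactly when `(size_t)(t-token) >= limit`, so the NUL lands at offset `limit` or beyond. That is in bounds only if every caller supplies a `token` buffer of at least `limit + 1` bytes, which is not visible in this hunk. I would record that contract next to the check, for example `/* token must hold limit+1 bytes: the '\0' may be stored at offset limit */`, or reserve a byte in the guard if `limit` is meant to be the full buffer size. Assuming `limit` is a signed integer, as the `limit > 0` test suggests, writing the comparison as `(size_t)(t-token) >= (size_t)limit` would make the signed-to-unsigned conversion explicit. The body of sldns_bget_token_par() starts and ends outside the hunk, so the other writes through `t` should be checked against the same contract.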