From: W.C.A. Wijngaards
Date: Wed, 3 Jun 2026 12:35:06 +0000 (+0200)
Subject: - Fix ipset module to use larger domain name buffers, and
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=04a6322aa4cdf99844df0df4195d6014d928f038;p=thirdparty%2Funbound.git
- Fix ipset module to use larger domain name buffers, and check buffer lengths. Thanks to Qifan Zhang, Palo Alto Networks for the report.
---
diff --git a/doc/Changelog b/doc/Changelog
index 3745c5d8b..bd1812165 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -14,6 +14,9 @@ - Fix that quotation and escaping works the same in auth-zone url content, as in the zonefile read. Thanks to Qifan Zhang, Palo Alto Networks for the report.
+ - Fix ipset module to use larger domain name buffers, and
+ check buffer lengths. Thanks to Qifan Zhang, Palo Alto
+ Networks for the report.
 3 June 2026: Yorgos - Fix const as reported by newest compiler warnings.
diff --git a/ipset/ipset.c b/ipset/ipset.c
index 47740447a..1f9af4d9c 100644
--- a/ipset/ipset.c
+++ b/ipset/ipset.c
@@ -219,15 +219,15 @@ ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, struct ub_packed_rrset_key *rrset, const char *qname, int qlen, const char *setname, int af) {
- char dname[BUFF_LEN];
+ char dname[LDNS_MAX_DOMAINLEN*4+16];
 const char *ds, *qs;
 int dlen, plen;
 struct config_strlist *p;
 struct packed_rrset_data *d;
- dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, BUFF_LEN);
- if (dlen == 0) {
+ dlen = sldns_wire2str_dname_buf(rrset->rk.dname, rrset->rk.dname_len, dname, sizeof(dname));
+ if (dlen == 0 || dlen >= (int)sizeof(dname)) {
 log_err("bad domain name");
 return -1;
 }
@@ -269,7 +269,7 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg,
 const char *setname;
 struct ub_packed_rrset_key *rrset;
 int af;
- char qname[BUFF_LEN];
+ char qname[LDNS_MAX_DOMAINLEN*4+16];
 int qlen;
 #ifdef HAVE_NET_PFVAR_H
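Review bot: The new size of `dname` in ipset_check_zones_for_rrset (first ipset.c hunk) is the bare expression `LDNS_MAX_DOMAINLEN*4+16`, repeated for `qname` in the next hunk (ipset_update), and nothing records why the text form needs four times the wire length. I would define it once, for example `#define IPSET_DNAME_STRLEN (LDNS_MAX_DOMAINLEN*4+16)` (the name is only a suggestion), with a comment such as `/* text form of a name: an octet may print as a 4-char \DDD escape, plus slack for dots and the terminator */`; that rationale is inferred from the factor 4 and should be checked against sldns_wire2str_dname_buf. The function body continues past the hunk, so later indexing by `dlen` and any remaining uses of `BUFF_LEN` for name buffers are not visible here and are worth checking.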
@@ -285,8 +285,8 @@ static int ipset_update(struct module_env *env, struct dns_msg *return_msg,
 #endif
 qlen = sldns_wire2str_dname_buf(qinfo.qname, qinfo.qname_len,
- qname, BUFF_LEN);
- if(qlen == 0) {
+ qname, sizeof(qname));
+ if(qlen == 0 || qlen >= (int)sizeof(qname)) {
 log_err("bad domain name");
 return -1;
 }
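Review bot: Both rejection reasons in `if(qlen == 0 || qlen >= (int)sizeof(qname))` end in the same `log_err("bad domain name")` that ipset_check_zones_for_rrset also uses, so a log line cannot tell an operator whether the query name or an rrset owner name was refused, or whether the conversion failed or the result did not fit. A distinct message here, e.g. `log_err("ipset: query name conversion failed or was truncated")`, would make the new truncation branch recognisable when triaging. ipset_update starts before and continues after this hunk, so how `qlen` is used afterwards is not shown.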