CERT: reject records with a empty certificate field

(cherry picked from commit a238f37239fa327a01414400fcccd203d42c0b43)

diff --git a/lib/dns/rdata/generic/cert_37.c b/lib/dns/rdata/generic/cert_37.c
index 16c859809fc524b64996aa28c010e6fbfa12d831..dfd7312cabb90b3d004960180c008368dd3fae37 100644 (file)
--- a/lib/dns/rdata/generic/cert_37.c
+++ b/lib/dns/rdata/generic/cert_37.c
@@ -121,8 +121,9 @@ fromwire_cert(ARGS_FROMWIRE) {
        UNUSED(options);
 
        isc_buffer_activeregion(source, &sr);
-       if (sr.length < 5)
+       if (sr.length < 6) {
                return (ISC_R_UNEXPECTEDEND);
+       }
 
        isc_buffer_forward(source, sr.length);
        return (mem_tobuffer(target, sr.base, sr.length));