NSEC3: reject records with a zero length hash field

author Mark Andrews <marka@isc.org>

Thu, 13 Aug 2020 02:46:55 +0000 (12:46 +1000)

committer Mark Andrews <marka@isc.org>

Thu, 13 Aug 2020 14:23:47 +0000 (00:23 +1000)
author Mark Andrews <marka@isc.org>
Thu, 13 Aug 2020 02:46:55 +0000 (12:46 +1000)
committer Mark Andrews <marka@isc.org>
Thu, 13 Aug 2020 14:23:47 +0000 (00:23 +1000)
diff --git a/lib/dns/rdata/generic/nsec3_50.c b/lib/dns/rdata/generic/nsec3_50.c

index f97388c7f8ac3267ab841990fd7442803affde24..2767f02498f80cbe955c78b0e3e6f33e524cc8f7 100644 (file)
--- a/lib/dns/rdata/generic/nsec3_50.c
+++ b/lib/dns/rdata/generic/nsec3_50.c
@@ -203,8 +203,9 @@ fromwire_nsec3(ARGS_FROMWIRE) {
         hashlen = sr.base[0];
         isc_region_consume(&sr, 1);
  
-       if (sr.length < hashlen)
+       if (hashlen < 1 || sr.length < hashlen) {
                 RETERR(DNS_R_FORMERR);
+       }
         isc_region_consume(&sr, hashlen);
  
         RETERR(typemap_test(&sr, true));
author	Mark Andrews <marka@isc.org>
	Thu, 13 Aug 2020 02:46:55 +0000 (12:46 +1000)
committer	Mark Andrews <marka@isc.org>
	Thu, 13 Aug 2020 14:23:47 +0000 (00:23 +1000)