A6: return FORMERR in fromwire if bits are non zero.
authorMark Andrews <marka@isc.org>
Sat, 15 Aug 2020 00:12:50 +0000 (10:12 +1000)
committerOndřej Surý <ondrej@isc.org>
Tue, 18 Aug 2020 09:36:06 +0000 (11:36 +0200)
oss_fuzz: Issue 24864: bind9:dns_rdata_fromwire_text_fuzzer: Overwrites-const-input in dns_rdata_fromwire_text_fuzzer

(cherry picked from commit 8452404bd7facb89790c32bab508f55bf8d37cea)
(cherry picked from commit d8a57d32b19942eea923eecfa1bdd863b3286835)

lib/dns/rdata/in_1/a6_38.c

index 1cdbe62d68aee2be868df8cd8281c0a433a1dceb..e69fc6fbc83ed805c159161aacdec0d2e2c7dab8 100644 (file)
@@ -173,7 +173,9 @@ fromwire_in_a6(ARGS_FROMWIRE) {
                if (sr.length < octets)
                        return (ISC_R_UNEXPECTEDEND);
                mask = 0xff >> (prefixlen % 8);
-               sr.base[0] &= mask;     /* Ensure pad bits are zero. */
+               if ((sr.base[0] & ~mask) != 0) {
+                       return (DNS_R_FORMERR);
+               }
                RETERR(mem_tobuffer(target, sr.base, octets));
                isc_buffer_forward(source, octets);
        }
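Review bot: The pad-bit check at `if ((sr.base[0] & ~mask) != 0)` replaces the line that carried the only comment on pad bits, and the new code does not say why a non-zero pad bit is now an error rather than being cleared. I would add above it `/* Pad bits must be zero; reject instead of masking so the wire input is never written to. */`. This is also a behaviour change for callers: a record that was previously normalised now fails with `DNS_R_FORMERR`, so a test input with a prefix length that is not a multiple of 8 and a set pad bit would pin the new result (no test is visible in this commit). If I recall RFC 2874 correctly it asks receivers to ignore pad bits, so the comment should also state that the stricter handling is intentional. `fromwire_in_a6` starts and ends outside the hunk, so the declaration of `mask` and the range check on `prefixlen` are not visible here.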