RRSIG: reject records with empty SIG section

(cherry picked from commit f6d7b8c20d7ad0ce5ea74c6ee6f76c68e1f7208b)
(cherry picked from commit 6b1675a62c5a565b936b02f8379bb28f3193b4e0)

diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c
index f7aa66e37257b0fd43eba4e970f93366cecdca8b..aad6c69ea19e9518e86aa7e0c56178560955ef28 100644 (file)
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@@ -294,6 +294,9 @@ fromwire_rrsig(ARGS_FROMWIRE) {
         * Sig.
         */
        isc_buffer_activeregion(source, &sr);
+       if (sr.length < 1) {
+               return (DNS_R_FORMERR);
+       }
        isc_buffer_forward(source, sr.length);
        return (mem_tobuffer(target, sr.base, sr.length));
 }