3621. [security] Incorrect bounds checking on private type 'keydata'

                        can lead to a remotely triggerable REQUIRE failure
                        (CVE-2013-4854). [RT #34238]

(cherry picked from commit fdb4ae8f6c00d8ea03bde929bd4e47056972017d)

diff --git a/CHANGES b/CHANGES
index 31f7ddae07fbe507a9603f531cbc07126dd0c644..8f5420995541883c72785edf27a311d9bcd55fe8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
        --- 9.8.6rc1 released ---
 
+3621.  [security]      Incorrect bounds checking on private type 'keydata'
+                       can lead to a remotely triggerable REQUIRE failure
+                       (CVE-2013-4854). [RT #34238]
+
 3615.  [cleanup]       "configure" now finishes by printing a summary
                        of optional BIND features and whether they are
                        active or inactive. ("configure --enable-full-report"

diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 2592c30f6a08b5ab04cbf229010cdab330102f16..317e1a87246a7ad1ed3eb479abdd4097527d3fae 100644 (file)
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
        UNUSED(options);
 
        isc_buffer_activeregion(source, &sr);
-       if (sr.length < 4)
+       if (sr.length < 16)
                return (ISC_R_UNEXPECTEDEND);
 
        isc_buffer_forward(source, sr.length);