3621. [security] Incorrect bounds checking on private type 'keydata'

                        can lead to a remotely triggerable REQUIRE failure
                        (CVE-2013-4854). [RT #34238]

diff --git a/CHANGES b/CHANGES
index d06f2b59e5c31d41b0128a198080600e3cbf4476..5d7e2a1962f7f4d4873961f04743f73c56e3d71a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3621.  [security]      Incorrect bounds checking on private type 'keydata'
+                       can lead to a remotely triggerable REQUIRE failure
+                       (CVE-2013-4854). [RT #34238]
+
 3620.  [func]          Added "rpz-client-ip" policy triggers, enabling
                        RPZ responses to be configured on the basis of
                        the client IP address; this can be used, for

diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 46bf6fce201ff63d34159e7bae42990259370436..a2d83f456e49364d922b9e4d01a15564ab697261 100644 (file)
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -194,7 +194,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
        UNUSED(options);
 
        isc_buffer_activeregion(source, &sr);
-       if (sr.length < 4)
+       if (sr.length < 16)
                return (ISC_R_UNEXPECTEDEND);
 
        isc_buffer_forward(source, sr.length);