From: Shijin Bose (shibose) Date: Thu, 29 Jan 2026 16:12:33 +0000 (+0000) Subject: Pull request #5121: dns: add fix heap-buffer-overflow in DNS NSEC resource record... X-Git-Tag: 3.11.1.0~34 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=060d4350794a9b21b5f378c8563c4e9909fe5f8e;p=thirdparty%2Fsnort3.git Pull request #5121: dns: add fix heap-buffer-overflow in DNS NSEC resource record decoder Merge in SNORT/snort3 from ~SHIBOSE/snort3:nsec_parsing to master Squashed commit of the following: commit 8ed1d4cbaac34970a379cf7c3e4c90695167ea8e Author: shibose Date: Wed Jan 28 13:59:03 2026 +0530 dns: fix heap-buffer-overflow in DNS NSEC resource record decoder --- diff --git a/src/service_inspectors/dns/dns_rr_decoder.cc b/src/service_inspectors/dns/dns_rr_decoder.cc index 427b80341..f9e9b01d7 100644 --- a/src/service_inspectors/dns/dns_rr_decoder.cc +++ b/src/service_inspectors/dns/dns_rr_decoder.cc @@ -303,6 +303,9 @@ static void decode_nsec(const uint8_t* rdata, uint16_t rdlength, std::string& rd static const std::string nsec_prefix = "NSEC" + part_sep; static const unsigned RDATA_OFFSET = 10; const uint8_t* rr_domain_name_end = rdata - RDATA_OFFSET; + if (rr_domain_name == nullptr or rr_domain_name > rr_domain_name_end) + return; + uint16_t rr_domain_name_len = rr_domain_name_end - rr_domain_name; rdata_str.append(nsec_prefix);