From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 27 Mar 2026 14:42:45 +0000 (+0100)
Subject: - Fix defense in depth for service callback with empty packet.
X-Git-Tag: release-1.25.0rc1~43
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2e9b88071886a9ac307fe31dc90b7969ca121469;p=thirdparty%2Funbound.git

- Fix defense in depth for service callback with empty packet.
---

diff --git a/daemon/worker.c b/daemon/worker.c
index 83ee0815e..026abfcbc 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -255,7 +255,8 @@ worker_handle_service_reply(struct comm_point* c, void* arg, int error,
 		return 0;
 	}
 	/* sanity check. */
-	if(!LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
+	if(sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE
+		|| !LDNS_QR_WIRE(sldns_buffer_begin(c->buffer))
 		|| LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) !=
 			LDNS_PACKET_QUERY
 		|| LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) > 1) {
diff --git a/doc/Changelog b/doc/Changelog
index 1d0e2add1..444d8bc78 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 27 March 2026: Wouter
 	- Fix to allow the control-interface config to use ip@port notation.
 	- Fix test code to allow empty hex answer packets from testbound.
+	- Fix defense in depth for service callback with empty packet.
 
 24 March 2026: Wouter
 	- Fix to check for invalid http content length and chunk size,