From: W.C.A. Wijngaards Date: Wed, 20 May 2026 08:15:30 +0000 (+0200) Subject: - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew X-Git-Tag: release-1.25.1~8 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=a587535c5dd8a5ea8259507152f055be318367df;p=thirdparty%2Funbound.git - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. --- diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 4902447fd..173484cdf 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -361,7 +361,7 @@ dnscrypt_server_uncurve(struct dnsc_env* env, len -= DNSCRYPT_QUERY_HEADER_SIZE; - while (*sldns_buffer_at(buffer, --len) == 0) + while (len>0 && *sldns_buffer_at(buffer, --len) == 0) ; if (*sldns_buffer_at(buffer, len) != 0x80) { diff --git a/doc/Changelog b/doc/Changelog index d8ef6ee82..614e92ed6 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -6,6 +6,8 @@ Networks, for the report. - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. + - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew + Griffiths from 'calif.io' for the report. 23 April 2026: Wouter - Merge #1441: Fix buffer overrun in
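Review bot: In the dnscrypt_server_uncurve hunk of dnscrypt/dnscrypt.c, the new `len>0` guard stops the padding scan from decrementing below index 0 when every byte is zero, but it does not cover `len` already being 0 when the loop is reached. In that case the loop body is skipped and the next line, `if (*sldns_buffer_at(buffer, len) != 0x80)`, still dereferences index 0 of what is then an empty payload. The context line `len -= DNSCRYPT_QUERY_HEADER_SIZE;` has the same exposure one step earlier: nothing visible in the hunk shows that `len` is at least DNSCRYPT_QUERY_HEADER_SIZE before the subtraction, so if `len` is an unsigned type a short packet would wrap to a large value and pass the `len>0` test. I would either confirm that both lower bounds are enforced above line 361 and say so in a comment, or add an explicit early rejection of `len == 0` before the scan so the 0x80 marker check never runs on an empty payload. A short comment on the empty-bodied `while` explaining that it strips trailing zero padding back to the 0x80 marker would also help, and the patch touches only dnscrypt.c and doc/Changelog, so a regression test with an all-zero payload is worth adding alongside it.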