From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 20 May 2026 08:21:26 +0000 (+0200)
Subject: - Fix CVE-2026-44390, Unbounded name compression in certain cases
X-Git-Tag: release-1.25.1~2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=dae7a3797424607906b132c008fc12dba867b5f3;p=thirdparty%2Funbound.git

- Fix CVE-2026-44390, Unbounded name compression in certain cases
  causes degradation of service. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
---

diff --git a/util/data/msgencode.c b/util/data/msgencode.c
index 10979df9c..dd56cc6aa 100644
--- a/util/data/msgencode.c
+++ b/util/data/msgencode.c
@@ -352,7 +352,6 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
 		(p = compress_tree_lookup(tree, dname, labs, &insertpt))) {
 		if(!write_compressed_dname(pkt, dname, labs, p))
 			return RETVAL_TRUNC;
-		(*compress_count)++;
 	} else {
 		if(!dname_buffer_write(pkt, dname))
 			return RETVAL_TRUNC;
@@ -360,6 +359,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
 	if(*compress_count < MAX_COMPRESSION_PER_MESSAGE &&
 		!compress_tree_store(dname, labs, pos, region, p, insertpt))
 		return RETVAL_OUTMEM;
+	(*compress_count)++;
 	return RETVAL_OK;
 }