From 586d94eb740587975d5348b22a5fb8440d95925d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sun, 25 May 2014 12:39:03 +1000
Subject: [PATCH] 3861.   [security]      Missing isc_buffer_availablelength
 check results                         in a REQUIRE assertion when printing
 out a packet.                         [RT #36078]

---
 CHANGES           | 4 ++++
 lib/dns/message.c | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 96a7ce20df..f06d1d1ceb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3861.	[security]	Missing isc_buffer_availablelength check results
+			in a REQUIRE assertion when printing out a packet.
+			[RT #36078]
+
 3860.	[bug]		ioctl(DP_POLL) array size needs to be determined
 			at run time as it is limited to {OPEN_MAX}.
 			[RT #35878]
diff --git a/lib/dns/message.c b/lib/dns/message.c
index a062e951ba..88c9239eb6 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -3248,7 +3248,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 				dns_pseudosection_t section,
 				const dns_master_style_t *style,
 				dns_messagetextflag_t flags,
-				isc_buffer_t *target) {
+				isc_buffer_t *target)
+{
 	dns_rdataset_t *ps = NULL;
 	dns_name_t *name = NULL;
 	isc_result_t result;
@@ -3369,6 +3370,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 				 * version
 				 */
 				ADD_STRING(target, "(\"");
+				if (isc_buffer_availablelength(target) < optlen)
+					return (ISC_R_NOSPACE);
 				for (i = 0; i < optlen; i++) {
 					if (isprint(optdata[i]))
 						isc_buffer_putmem(target,