IPSECKEY: require non-zero length public keys

2026-06-09 07:52:15 -04:00 · 2020-08-13 13:08:17 +10:00 · 2020-08-13 13:08:17 +10:00 · d7f7014803
commit d7f7014803
parent a238f37239
1 changed files with 8 additions and 2 deletions
--- a/lib/dns/rdata/generic/ipseckey_45.c
+++ b/lib/dns/rdata/generic/ipseckey_45.c
@ -230,18 +230,21 @@ fromwire_ipseckey(ARGS_FROMWIRE) {

 	switch (region.base[1]) {
 	case 0:
+		if (region.length < 4) {
+			return (ISC_R_UNEXPECTEDEND);
+		}
 		isc_buffer_forward(source, region.length);
 		return (mem_tobuffer(target, region.base, region.length));

 	case 1:
-		if (region.length < 7) {
+		if (region.length < 8) {
 			return (ISC_R_UNEXPECTEDEND);
 		}
 		isc_buffer_forward(source, region.length);
 		return (mem_tobuffer(target, region.base, region.length));

 	case 2:
-		if (region.length < 19) {
+		if (region.length < 20) {
 			return (ISC_R_UNEXPECTEDEND);
 		}
 		isc_buffer_forward(source, region.length);
@ -253,6 +256,9 @@ fromwire_ipseckey(ARGS_FROMWIRE) {
 		RETERR(dns_name_fromwire(&name, source, dctx, options, target));
 		isc_buffer_activeregion(source, &region);
 		isc_buffer_forward(source, region.length);
+		if (region.length < 1) {
+			return (ISC_R_UNEXPECTEDEND);
+		}
 		return (mem_tobuffer(target, region.base, region.length));

 	default: