From 01ebb668a4622d17b7a92bb4c836441e3edd0d42 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sat, 23 May 2026 18:53:27 +0200
Subject: [PATCH] BUG/MINOR: resolvers: fix room for trailing zero in
 resolv_dn_label_to_str()

The previous fix 75f72c2eb ("BUG/MEDIUM: resolvers: Fix test on dn label
size in resolv_dn_label_to_str()") can still be fooled by an input exactly
the size of str_len, in which case the trailing zero appended at the end
was not being accounted for. Let's add 1 to the condition to prepare for
it.

This needs to be backported wherever the fix above is backported.
---
 src/resolvers.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/resolvers.c b/src/resolvers.c
index ee49fb8f9..5308eaeb7 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@ -1857,8 +1857,8 @@ int resolv_dn_label_to_str(const char *dn, int dn_len, char *str, int str_len)
 	for (i = 0; i < dn_len; ++i) {
 		sz = (unsigned char)dn[i];
 
-		/* Check str_len adding 1 for the dot if (i!=0) */
-		if (str_len < sz+i+(!!i))
+		/* Check str_len adding 1 for the dot if (i!=0) and 1 for null terminator */
+		if (str_len < sz+i+(!!i)+1)
 			return -1;
 
 		if (i)