- Fix out-of-bounds null-byte write in sldns_bget_token_par while

parsing type WKS, reported by Luis Merino from X41 D-Sec.

doc/Changelog

@@ -1,5 +1,7 @@
 8 January 2020: Wouter
 	- Fix 'make test' to work for --disable-sha1 configure option.
+	- Fix out-of-bounds null-byte write in sldns_bget_token_par while
+	  parsing type WKS, reported by Luis Merino from X41 D-Sec.
 
 6 January 2020: George
 	- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.

sldns/parse.c

@@ -120,7 +120,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
-			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+			if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) {
 				*t = '\0';
 				return -1;
 			}
@@ -141,7 +141,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 		if (c != '\0' && c != '\n') {
 			i++;
 		}
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) {
 			*t = '\0';
 			return -1;
 		}
@@ -327,7 +327,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim,
 			/* do not write ' ' if we want to skip spaces */
 			if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
 				/* check for space for the space character */
-				if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+				if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) {
 					*t = '\0';
 					return -1;
 				}
@@ -354,7 +354,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim,
 		}
 
 		i++;
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		if (limit > 0 && (i > limit || (size_t)(t-token) > limit)) {
 			*t = '\0';
 			return -1;
 		}