diff --git a/doc/Changelog b/doc/Changelog
index ee6e3222f..3b911d686 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+26 April 2017: Wouter
+	- Based on #1257: check parse limit before t increment in sldns RR
+	  string parse routine.
+
 24 April 2017: Wouter
 	- unbound-checkconf -o allows query of dnstap config variables.
 	  Also unbound-control get_option.  Also for dnscrypt.
diff --git a/sldns/parse.c b/sldns/parse.c
index 35dee7196..e30a753a4 100644
--- a/sldns/parse.c
+++ b/sldns/parse.c
@@ -120,6 +120,10 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
+			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+				*t = '\0';
+				return -1;
+			}
 			*t++ = ' ';
 			prev_c = c;
 			continue;