- Fix Out of Bounds Read in rrinternal_get_owner(),

reported by X41 D-Sec.
2025-12-20 14:53:15 -05:00 · 2019-11-20 08:28:12 +01:00 · 2019-11-20 08:28:12 +01:00 · d79d75538b
commit d79d75538b
parent fa23ee8f31
2 changed files with 7 additions and 0 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,7 @@
+20 November 2019: Wouter
+	- Fix Out of Bounds Read in rrinternal_get_owner(),
+	  reported by X41 D-Sec.
+
 19 November 2019: Wouter
 	- Fix CVE-2019-18934, shell execution in ipsecmod.
 	- 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@ -193,6 +193,9 @@ rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len,
 			sldns_buffer_position(strbuf));
 	}

+	if(token_len < 2) /* make sure there is space to read "@" or "" */
+		return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
+			sldns_buffer_position(strbuf));
 	if(token[0]=='@' && token[1]=='\0') {
 		uint8_t* tocopy;
 		if (origin) {