From aa811801cbfec1215f7faee77be9d0c68774914f Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Sat, 15 Aug 2020 08:50:37 +1000
Subject: [PATCH] dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
---
 fuzz/dns_rdata_fromwire_text.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c
index e231168f1f..06e73d451b 100644
--- a/fuzz/dns_rdata_fromwire_text.c
+++ b/fuzz/dns_rdata_fromwire_text.c
@@ -95,7 +95,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 unsigned int classes = (sizeof(classlist) / sizeof(classlist[0]));
 unsigned int types = 1, flags, t;
- if (size < 2) {
+ /*
+ * First 2 bytes are used to select type and class.
+ * dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
+ */
+ if (size < 2 || size > 0xffff + 2) {
 return (0);
 }
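Review bot: The upper bound in the new guard, `0xffff + 2`, folds two unrelated quantities into one bare expression: the 2 selector bytes and the 16-bit rdata length limit. Writing it as `if (size < 2 || size - 2 > UINT16_MAX) {` (the subtraction is safe because `size < 2` short-circuits first) would make the tie to the limit named in the comment explicit. Oversized inputs are now skipped silently, so this harness never reaches whatever dns_rdata_fromwire() does when handed more than 2^16-1 octets. If that limit is a caller-side precondition rather than a checked error (not visible here), I would extend the comment with `* Callers must enforce this bound themselves; this harness does not exercise it.`. The body of LLVMFuzzerTestOneInput continues outside the hunk.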