From b274f3fad77d7325650ee3d1e4fd7f94b92edebe Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 27 Feb 2019 10:32:18 +1100
Subject: [PATCH] enforce DS hash exists

---
 lib/dns/rdata/generic/ds_43.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/rdata/generic/ds_43.c b/lib/dns/rdata/generic/ds_43.c
index c36ea3a3b2..8312351b26 100644
--- a/lib/dns/rdata/generic/ds_43.c
+++ b/lib/dns/rdata/generic/ds_43.c
@@ -166,7 +166,7 @@ generic_fromwire_ds(ARGS_FROMWIRE) {
 	/*
 	 * Check digest lengths if we know them.
 	 */
-	if (sr.length < 4 ||
+	if (sr.length < 5 ||
 	    (sr.base[3] == DNS_DSDIGEST_SHA1 &&
 	     sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
 	    (sr.base[3] == DNS_DSDIGEST_SHA256 &&