[master] fix length check in OPENPGPKEY

4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. [RT #40286]
2025-08-29 13:38:26 +00:00 · 2015-08-11 20:01:44 -07:00 · 2015-08-11 20:01:44 -07:00 · c707e2b986
commit c707e2b986
parent b8a04d50a3
4 changed files with 13 additions and 1 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+4170.	[security]	An incorrect boundary check in the OPENPGPKEY
+			rdatatype could trigger an assertion failure.
+			[RT #40286]
+
 4169.	[test]		Added a 'wire_test -d' option to read input as
 			raw binary data, for use as a fuzzing harness.
 			[RT #40312]
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@ -38,6 +38,12 @@
  <sect2 id="relnotes_security">
    <title>Security Fixes</title>
    <itemizedlist>
+      <listitem>
+	<para>
+	  An incorrect boundary check in the OPENPGPKEY rdatatype
+	  could trigger an assertion failure. [RT #40286]
+	</para>
+      </listitem>
      <listitem>
 	<para>
 	  A buffer accounting error could trigger an assertion failure
--- a/lib/dns/rdata/generic/openpgpkey_61.c
+++ b/lib/dns/rdata/generic/openpgpkey_61.c
@ -81,6 +81,8 @@ fromwire_openpgpkey(ARGS_FROMWIRE) {
 	 * Keyring.
 	 */
 	isc_buffer_activeregion(source, &sr);
+	if (sr.length < 1)
+		return (ISC_R_UNEXPECTEDEND);
 	isc_buffer_forward(source, sr.length);
 	return (mem_tobuffer(target, sr.base, sr.length));
 }