From f6d7b8c20d7ad0ce5ea74c6ee6f76c68e1f7208b Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 17 Aug 2020 11:21:41 +1000
Subject: [PATCH] RRSIG: reject records with empty SIG section

---
 lib/dns/rdata/generic/rrsig_46.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c
index 0c63e1e9c4..a247964883 100644
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@@ -311,6 +311,9 @@ fromwire_rrsig(ARGS_FROMWIRE) {
 	 * Sig.
 	 */
 	isc_buffer_activeregion(source, &sr);
+	if (sr.length < 1) {
+		return (DNS_R_FORMERR);
+	}
 	isc_buffer_forward(source, sr.length);
 	return (mem_tobuffer(target, sr.base, sr.length));
 }