diff mbox

[COMMITTED] hesiod: Avoid heap overflow in get_txt_records [BZ #20031]

Message ID 20160502140831.B82C040438A23@oldenburg.str.redhat.com
State New
Headers show

Commit Message

Florian Weimer May 2, 2016, 2:08 p.m. UTC 
2016-05-02  Florian Weimer  <fweimer@redhat.com>

	[BZ #20031]
	* hesiod/hesiod.c (get_txt_records): Return error if TXT record is
	completely empty.
diff mbox

Patch

diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 6ecbad1..c2925a0 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -398,7 +398,7 @@  get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
 		cp += INT16SZ + INT32SZ;	/* skip the ttl, too */
 		rr.dlen = ns_get16(cp);
 		cp += INT16SZ;
-		if (cp + rr.dlen > eom) {
+		if (rr.dlen == 0 || cp + rr.dlen > eom) {
 			__set_errno(EMSGSIZE);
 			goto cleanup;
 		}