-rw-r--r--CHANGES6
-rw-r--r--lib/dns/rdata/generic/keydata_65533.c2
-rw-r--r--version2
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 2cfcb7b292f8..e8383c62baf4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+ --- 9.8.5-P2 released ---
+
+3621. [security] Incorrect bounds checking on private type 'keydata'
+ can lead to a remotely triggerable REQUIRE failure
+ (CVE-2013-4854). [RT #34238]
+
--- 9.8.5-P1 released ---
3584. [security] Caching data from an incompletely signed zone could
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 2592c30f6a08..317e1a87246a 100644
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
UNUSED(options);
isc_buffer_activeregion(source, &sr);
- if (sr.length < 4)
+ if (sr.length < 16)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_forward(source, sr.length);
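Review bot: The new minimum in `if (sr.length < 16)` is an unexplained literal, so a reader cannot tell which fields it covers or check it against the code that later reads the record. It appears to be the fixed KEYDATA header (three 32-bit timers, 16-bit flags, 8-bit protocol, 8-bit algorithm); a comment such as `/* refresh(4) + addhd(4) + removehd(4) + flags(2) + proto(1) + alg(1) */` above the check, or a named constant shared with the other keydata routines, would keep the bound and its consumers in step. The routines that assume this length are not visible in the hunk, so it is worth confirming that rdata arriving by paths other than fromwire (for example fromstruct, or data already cached) is held to the same minimum. fromwire_keydata starts and ends outside the hunk.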
diff --git a/version b/version
index 722bbe7f9b2f..7a518ed3ba84 100644
--- a/version
+++ b/version
@@ -9,4 +9,4 @@ MAJORVER=9
MINORVER=8
PATCHVER=5
RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2