From a0b0aa633942c4494eb19e4004c1210c84633764 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 9 Jul 2024 21:10:22 +0000 Subject: [PATCH] Correct length check in `read_nsec_typtes_bitmap` This fixes a reachable panic when deserializing certain `RR`s, found by the fuzzer. --- src/ser.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ser.rs b/src/ser.rs index 30ab302..77c4b9b 100644 --- a/src/ser.rs +++ b/src/ser.rs @@ -66,7 +66,7 @@ pub(crate) fn read_nsec_types_bitmap(inp: &mut &[u8]) -> Result<[u8; 8192], ()> let block = *inp.get(0).ok_or(())?; let len = *inp.get(1).ok_or(())?; *inp = &inp[2..]; - if inp.len() < len as usize { return Err(()); } + if inp.len() < block as usize * 32 + len as usize { return Err(()); } res[block as usize * 32..block as usize * 32 + len as usize] .copy_from_slice(&inp[..len as usize]); *inp = &inp[len as usize..]; -- 2.39.5