Correct length check in `read_nsec_typtes_bitmap`

This fixes a reachable panic when deserializing certain `RR`s,
found by the fuzzer.

diff --git a/src/ser.rs b/src/ser.rs
index 30ab302dcbeb894356147233b6492a2cdaa8510b..77c4b9bc78ec69fca293f5ed76a7ab8b13e05e26 100644 (file)
--- a/src/ser.rs
+++ b/src/ser.rs
@@ -66,7 +66,7 @@ pub(crate) fn read_nsec_types_bitmap(inp: &mut &[u8]) -> Result<[u8; 8192], ()>
                let block = *inp.get(0).ok_or(())?;
                let len = *inp.get(1).ok_or(())?;
                *inp = &inp[2..];
-               if inp.len() < len as usize { return Err(()); }
+               if inp.len() < block as usize * 32 + len as usize { return Err(()); }
                res[block as usize * 32..block as usize * 32 + len as usize]
                        .copy_from_slice(&inp[..len as usize]);
                *inp = &inp[len as usize..];