From: Matt Corallo Date: Tue, 9 Jul 2024 21:10:22 +0000 (+0000) Subject: Correct length check in `read_nsec_typtes_bitmap` X-Git-Tag: v0.5.5~1 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=a0b0aa633942c4494eb19e4004c1210c84633764;p=dnssec-prover Correct length check in `read_nsec_typtes_bitmap` This fixes a reachable panic when deserializing certain `RR`s, found by the fuzzer. --- diff --git a/src/ser.rs b/src/ser.rs index 30ab302..77c4b9b 100644 --- a/src/ser.rs +++ b/src/ser.rs @@ -66,7 +66,7 @@ pub(crate) fn read_nsec_types_bitmap(inp: &mut &[u8]) -> Result<[u8; 8192], ()> let block = *inp.get(0).ok_or(())?; let len = *inp.get(1).ok_or(())?; *inp = &inp[2..]; - if inp.len() < len as usize { return Err(()); } + if inp.len() < block as usize * 32 + len as usize { return Err(()); } res[block as usize * 32..block as usize * 32 + len as usize] .copy_from_slice(&inp[..len as usize]); *inp = &inp[len as usize..];