From a0b0aa633942c4494eb19e4004c1210c84633764 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Tue, 9 Jul 2024 21:10:22 +0000
Subject: [PATCH] Correct length check in `read_nsec_typtes_bitmap`

This fixes a reachable panic when deserializing certain `RR`s,
found by the fuzzer.
---
 src/ser.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ser.rs b/src/ser.rs
index 30ab302..77c4b9b 100644
--- a/src/ser.rs
+++ b/src/ser.rs
@@ -66,7 +66,7 @@ pub(crate) fn read_nsec_types_bitmap(inp: &mut &[u8]) -> Result<[u8; 8192], ()>
 		let block = *inp.get(0).ok_or(())?;
 		let len = *inp.get(1).ok_or(())?;
 		*inp = &inp[2..];
-		if inp.len() < len as usize { return Err(()); }
+		if inp.len() < block as usize * 32 + len as usize { return Err(()); }
 		res[block as usize * 32..block as usize * 32 + len as usize]
 			.copy_from_slice(&inp[..len as usize]);
 		*inp = &inp[len as usize..];
-- 
2.39.5