From 422b441bbfedc3c53ac7fa4a8bfbffd6e92ec124 Mon Sep 17 00:00:00 2001
From: Han Xu
Date: Tue, 17 Dec 2024 21:14:40 -0800
Subject: [PATCH] bugfix: check data len for NSEC record
---
 src/dns_parser.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/dns_parser.rs b/src/dns_parser.rs
index e641cd6..adbfc37 100644
--- a/src/dns_parser.rs
+++ b/src/dns_parser.rs
@@ -1793,6 +1793,16 @@ impl DnsIncoming {
 // o The Type Bit Map block length byte is a value in the range 1-32.
 // o The Type Bit Map data is 1-32 bytes, as indicated by length
 // byte.
+
+ // Sanity check: at least 2 bytes to read.
+ if self.data.len() < self.offset + 2 {
+ return Err(Error::Msg(format!(
+ "DnsIncoming is too short: {} at NSEC Type Bit Map offset {}",
+ self.data.len(),
+ self.offset
+ )));
+ }
+
 let block_num = self.data[self.offset];
 self.offset += 1;
 if block_num != 0 {
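Review bot: The added guard proves only that the block-number byte and the bitmap length byte are present; the 1-32 bytes of Type Bit Map data announced by that length byte are read after the hunk, and a truncated record could still index past `self.data` there unless that read is bounded as well. The function starts and ends outside the hunk, so this needs confirming against the full body; if it is not already checked, the same pattern applies once the length byte is known, comparing `self.data.len()` with `self.offset` plus that length before slicing. Since `DnsIncoming` presumably parses packets received from the network, an out-of-bounds panic here is a remotely triggerable crash, so a regression test with an NSEC record cut off right before the Type Bit Map, and one cut off inside the bitmap data, would be worth adding with this fix. The comment could also name the two bytes it protects: `// Sanity check: block number and bitmap length bytes must both be present.`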