| Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch] |
| CVE: CVE-2020-8625 |
| Signed-off-by: Minjae Kim <flowergom@gmail.com> |
| |
| diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c |
| index e61d1c600f2..753dc8049fa 100644 |
| --- a/lib/dns/spnego.c |
| +++ b/lib/dns/spnego.c |
| @@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) { |
| return (ASN1_OVERRUN); |
| } |
| |
| - data->components = malloc(len * sizeof(*data->components)); |
| + data->components = malloc((len + 1) * sizeof(*data->components)); |
| if (data->components == NULL) { |
| return (ENOMEM); |
| } |