From 1f66559ca214c0f8975e99c77379d962d3253502 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 8 Aug 2018 16:23:20 +0900
Subject: [PATCH] resolve: use memcmp_safe() and memcpy_safe()

As the length of salt in NSEC3 may be zero.

Fixes #9757.
---
 src/resolve/resolved-dns-dnssec.c | 2 +-
 src/resolve/resolved-dns-packet.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index e0d70c29cb..2c8514a72a 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1380,7 +1380,7 @@ static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
                 return 0;
         if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
                 return 0;
-        if (memcmp(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
+        if (memcmp_safe(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
                 return 0;
 
         a = dns_resource_key_name(rr->key);
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 2cc606f363..6a615e3762 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -383,7 +383,7 @@ int dns_packet_append_blob(DnsPacket *p, const void *d, size_t l, size_t *start)
         if (r < 0)
                 return r;
 
-        memcpy(q, d, l);
+        memcpy_safe(q, d, l);
         return 0;
 }