From 8a03ccbb77f52ec4b55062eeedddb8daec1a33e4 Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Mon, 2 May 2016 16:04:32 +0200
Subject: [PATCH] hesiod: Avoid heap overflow in get_txt_records [BZ #20031]

---
 ChangeLog | 6 ++++++
 hesiod/hesiod.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 1149fd30e2..d7044ea43d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-05-02 Florian Weimer
+
+ [BZ #20031]
+ * hesiod/hesiod.c (get_txt_records): Return error if TXT record is
+ completely empty.
+
 2016-05-02 Florian Weimer
 
 [BZ #19573]
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 6ecbad11cc..c2925a0f99 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -398,7 +398,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) {
 cp += INT16SZ + INT32SZ; /* skip the ttl, too */
 rr.dlen = ns_get16(cp);
 cp += INT16SZ;
- if (cp + rr.dlen > eom) {
+ if (rr.dlen == 0 || cp + rr.dlen > eom) {
 __set_errno(EMSGSIZE);
 goto cleanup;
 }
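Review bot: The bounds test on the changed line still computes `cp + rr.dlen` before comparing it with `eom`, and forming a pointer more than one past the end of the response buffer is undefined behaviour, so a length field taken from the wire should be compared as a length instead: `if (rr.dlen == 0 || rr.dlen > eom - cp) {`. That form relies on `cp <= eom` holding here, which depends on a check made before the fixed-size fields are skipped and is not visible in this hunk. The new `rr.dlen == 0` case would also benefit from a one-line comment such as `/* Reject empty TXT rdata; see BZ #20031. */`, because EMSGSIZE alone does not tell a reader why an empty record is an error. get_txt_records begins and ends outside the hunk.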