From a0238d9987adeb5a3b7da8baaf37ed6684dac163 Mon Sep 17 00:00:00 2001 From: rdevshp Date: Wed, 10 Jun 2026 09:51:09 +0000 Subject: [PATCH] fix OOB write in FTL_parse_pseudoheaders when optlen is 0 Signed-off-by: rdevshp --- src/edns0.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/edns0.c b/src/edns0.c index a0030305..a17311e8 100644 --- a/src/edns0.c +++ b/src/edns0.c @@ -367,7 +367,11 @@ void FTL_parse_pseudoheaders(unsigned char *pheader, const size_t plen) char *pp = pretty_payload; for(unsigned int j = 0; j < optlen; j++) pp += sprintf(pp, "0x%02X ", payload[j]); - pretty_payload[optlen*5 - 1] = '\0'; // Truncate away the trailing whitespace + + // Truncate away the trailing whitespace + if(optlen) + pretty_payload[optlen*5 - 1] = '\0'; + log_debug(DEBUG_EDNS0, "CPE-ID (payload size %u): \"%s\" (%s)", optlen, payload, pretty_payload); free(pretty_payload);