hickory-dns · djc · Apr 21, 2021 · Apr 20, 2021 · Apr 21, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,12 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or
 
 - (proto) Panic when name exceeds maximal domain name length during display #1447
 
+## 0.20.2
+
+### Fixed
+
+- (proto) Panic on bad length in SVCB for record length #1465
+
 ## 0.20.1
 
 ### Added

diff --git a/crates/proto/src/rr/rdata/svcb.rs b/crates/proto/src/rr/rdata/svcb.rs
@@ -1032,7 +1032,11 @@ pub fn read(decoder: &mut BinDecoder<'_>, rdata_length: Restrict<u16>) -> ProtoR
     let svc_priority = decoder.read_u16()?.unverified(/*any u16 is valid*/);
     let target_name = Name::read(decoder)?;
 
-    let mut remainder_len = rdata_length.map(|len| len as usize - (decoder.index() - start_index)).unverified(/*valid len*/);
+    let mut remainder_len = rdata_length
+        .map(|len| len as usize)
+        .checked_sub(decoder.index() - start_index)
+        .map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
+        .unverified(); // valid len
     let mut svc_params: Vec<(SvcParamKey, SvcParamValue)> = Vec::new();
 
     // must have at least 4 bytes left for the key and the length
@@ -1053,7 +1057,11 @@ pub fn read(decoder: &mut BinDecoder<'_>, rdata_length: Restrict<u16>) -> ProtoR
         }
 
         svc_params.push((key, value));
-        remainder_len = rdata_length.map(|len| len as usize - (decoder.index() - start_index)).unverified(/*valid len*/);
+        remainder_len = rdata_length
+            .map(|len| len as usize)
+            .checked_sub(decoder.index() - start_index)
+            .map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
+            .unverified(); // valid len
     }
 
     Ok(SVCB {
@@ -1211,4 +1219,13 @@ mod tests {
             ],
         ));
     }
+
+    #[test]
+    fn test_no_panic() {
+        const BUF: &[u8] = &[
+            255, 121, 0, 0, 0, 0, 40, 255, 255, 160, 160, 0, 0, 0, 64, 0, 1, 255, 158, 0, 0, 0, 8,
+            0, 0, 7, 7, 0, 0, 0, 0, 0, 0, 0,
+        ];
+        assert!(crate::op::Message::from_vec(&BUF).is_err());
+    }
 }