apply https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-1931.diff to

unbound, fixing an indefinite loop that could be triggered by a client
against an unbound server where the (non-default) configuration "ede: yes"
is used.

https://nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt

ok florian@

diff --git a/usr.sbin/unbound/util/data/msgencode.c b/usr.sbin/unbound/util/data/msgencode.c
index a170eb7..93423f9 100644 (file)
--- a/usr.sbin/unbound/util/data/msgencode.c
+++ b/usr.sbin/unbound/util/data/msgencode.c
@@ -886,6 +886,9 @@ ede_trim_text(struct edns_option** list)
                                curr->opt_len = 2;
                                prev = curr;
                                curr = curr->next;
+                       } else {
+                               prev = curr;
+                               curr = curr->next;
                        }
                } else {
                        /* continue */