From 9e59e2bca4ca647f7ea2637372e65cec74f0fb0e Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 13 May 2014 12:46:24 +1000
Subject: [PATCH] 3843.   [protocol]      Check EDNS EXPIRE option in
 dns_rdata_fromwire.                         [RT #35969]

(cherry picked from commit ae5335dcd9d750312a4fa455495080fcb314b9d8)
---
 CHANGES                        | 3 +++
 lib/dns/rdata/generic/opt_41.c | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/CHANGES b/CHANGES
index 6274b599be..50ae74b182 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3843.	[protocol]	Check EDNS EXPIRE option in dns_rdata_fromwire.
+			[RT #35969]
+
 3841.	[cleanup]	Refactor zone.c:add_opt to use dns_message_buildopt.
 			[RT #35924]
 
diff --git a/lib/dns/rdata/generic/opt_41.c b/lib/dns/rdata/generic/opt_41.c
index afb25b63ba..c417714f17 100644
--- a/lib/dns/rdata/generic/opt_41.c
+++ b/lib/dns/rdata/generic/opt_41.c
@@ -147,6 +147,14 @@ fromwire_opt(ARGS_FROMWIRE) {
 			isc_region_consume(&sregion, addrbytes);
 			break;
 		}
+		case DNS_OPT_EXPIRE:
+			/*
+			 * Request has zero length.  Response is 32 bits.
+			 */
+			if (length != 0 && length != 4)
+				return (DNS_R_FORMERR);
+			isc_region_consume(&sregion, length);
+			break;
 		default:
 			isc_region_consume(&sregion, length);
 			break;