a buffer size check can cause denial of service under certain circumstances [security] The following flaw in BIND was reported by ISC: A buffer size check used to guard against overflow could cause named to exit with an INSIST failure in apl_42.c. A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. Upstream-Status: Backport CVE: CVE-2015-8704 [The patch is taken from BIND 9.10.3: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704] Signed-off-by: Derek Straka diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c index bedd38e..28eb7f2 100644 --- a/lib/dns/rdata/in_1/apl_42.c +++ b/lib/dns/rdata/in_1/apl_42.c @@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { isc_uint8_t len; isc_boolean_t neg; unsigned char buf[16]; - char txt[sizeof(" !64000")]; + char txt[sizeof(" !64000:")]; const char *sep = ""; int n;
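
Review bot: The size of `txt` in totext_in_apl() is still expressed as a sample string, `sizeof(" !64000:")`, with no comment saying what each character stands for, and the previous literal differed only in omitting the trailing ":". Suggest a one-line comment above the declaration spelling out the worst-case layout (separator, optional "!", five-digit number, ":", plus the terminating NUL, 9 bytes in total) so that a later change to the format updates the buffer with it. The call that fills `txt` is outside the context shown, so it is worth confirming that its result is checked against sizeof(txt) and that the numeric field cannot print wider than five digits. The diff as shown touches only apl_42.c; a regression test that converts a negated APL item with the largest value of that field to text would pin the fix down.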