Commit 3c2d0a5d authored by Michał Kępień's avatar Michał Kępień
Browse files

fixup! Following disscussions with Wes, empty hashes are disallowed.

parent ce6dd3d1
Pipeline #12544 passed with stages
in 12 minutes and 29 seconds
......@@ -136,8 +136,11 @@ fromwire_zonemd(ARGS_FROMWIRE) {
isc_buffer_activeregion(source, &sr);
/*
* Check that a digest is present if it is unknown and
* check digest lengths are correct if we know them.
* If we do not recognize the digest type, only ensure that the digest
* is present at all.
*
* If we do recognize the digest type, ensure that the digest is of the
* correct length.
*/
if (sr.length < 7 ||
(sr.base[4] == DNS_ZONEMD_DIGEST_SHA384 &&
......@@ -147,9 +150,10 @@ fromwire_zonemd(ARGS_FROMWIRE) {
}
/*
* Only copy digest lengths if we know them.
* If there is extra data dns_rdata_fromwire() will
* detect that.
* Only specify the number of octets to consume if we recognize the
* digest type.
*
* If there is extra data, dns_rdata_fromwire() will detect that.
*/
if (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384) {
sr.length = 6 + ISC_SHA384_DIGESTLENGTH;
......
......@@ -1680,16 +1680,16 @@ zonemd(void **state) {
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
/*
* Minimal hash type 0.
* Minimal, one-octet hash for an undefined digest type.
*/
WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
/*
* SHA-384 is defined, so we insist there be a digest of
* the expected lenght.
* the expected length.
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00),
/*
* 48 octets, valid for SHA-384.
* 48-octet digest, valid for SHA-384.
*/
WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment