- added test case triggering a crash (currently commented out)

- added comments on the vulnerable part of the implementation git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1100 e5f2f494-b856-4b98-b285-d166d9295462

- added test case triggering a crash (currently commented out)
- added comments on the vulnerable part of the implementation git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1100 e5f2f494-b856-4b98-b285-d166d9295462
205d3331 · JINMEI Tatuya · 0c33f31a · 205d3331 · 205d3331
Commit 205d3331 authored Mar 03, 2010 by JINMEI Tatuya
--- a/src/lib/dns/cpp/rdata/generic/nsec_47.cc
+++ b/src/lib/dns/cpp/rdata/generic/nsec_47.cc
@@ -98,6 +98,8 @@ NSEC::NSEC(InputBuffer& buffer, size_t rdata_len)
    }
    rdata_len -= (buffer.getPosition() - pos);

+    // FIXIT: we cannot naively copy the data because the bitmaps have
+    // semantics and other part of this class assumes they are valid.
    vector<uint8_t> typebits(rdata_len);
    buffer.readData(&typebits[0], rdata_len);


--- a/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc
+++ b/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc
@@ -58,13 +58,17 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
 {
    const generic::NSEC rdata_nsec(nsec_txt);
    EXPECT_EQ(0, rdata_nsec.compare(
-                  *rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+                  *rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
                                        "testdata/rdata_nsec_fromWire1")));

    // Too short RDLENGTH
-    EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+    EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
                                      "testdata/rdata_nsec_fromWire2"),
                 InvalidRdataLength);
+
+    // This should be rejected
+    //rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
+    //                   "testdata/rdata_nsec_fromWire3")->toText();
 }

 TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)