Commit b4f1b6d0 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

fixed a buffer-overrun bug in the from-wire constructor.

added a test case to identify the bug.
made test data file names consistent


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1096 e5f2f494-b856-4b98-b285-d166d9295462
parent 1faaf0fb
......@@ -91,11 +91,12 @@ NSEC::NSEC(InputBuffer& buffer, size_t rdata_len)
{
size_t pos = buffer.getPosition();
Name nextname(buffer);
rdata_len -= (buffer.getPosition() - pos);
if (rdata_len == 0) {
// rdata_len must be sufficiently large to hold non empty bitmap.
if (rdata_len <= buffer.getPosition() - pos) {
dns_throw(InvalidRdataLength, "NSEC too short");
}
rdata_len -= (buffer.getPosition() - pos);
vector<uint8_t> typebits;
for (int i = 0; i < rdata_len; i++) {
......
......@@ -59,7 +59,12 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
const generic::NSEC rdata_nsec(nsec_txt);
EXPECT_EQ(0, rdata_nsec.compare(
*rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
"testdata/rdata_nsec_fromWire")));
"testdata/rdata_nsec_fromWire1")));
// Too short RDLENGTH
EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
"testdata/rdata_nsec_fromWire2"),
InvalidRdataLength);
}
TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
......@@ -69,7 +74,7 @@ TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
rdata_nsec.toWire(renderer);
vector<unsigned char> data;
UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire", data);
UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire1", data);
EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData,
static_cast<const uint8_t *>(obuffer.getData()) + 2,
obuffer.getLength() - 2, &data[2], data.size() - 2);
......
#
# NSEC RDATA with a bogus RDLEN (too short)
#
# RDLENGTH, 13 bytes (should be 22)
00 0d
# NSEC record
# www2.isc.org. CNAME RRSIG NSEC
04 77 77 77 32 03 69 73 63 03 6f 72 67 00 00 06
04 00 00 00 00 03
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment