fixed a buffer-overrun bug in the from-wire constructor.

added a test case to identify the bug. made test data file names consistent git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1096 e5f2f494-b856-4b98-b285-d166d9295462

fixed a buffer-overrun bug in the from-wire constructor.
added a test case to identify the bug. made test data file names consistent git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1096 e5f2f494-b856-4b98-b285-d166d9295462
b4f1b6d0 · JINMEI Tatuya · 1faaf0fb · b4f1b6d0 · b4f1b6d0 · b4f1b6d0
Commit b4f1b6d0 authored Mar 03, 2010 by JINMEI Tatuya
--- a/src/lib/dns/cpp/rdata/generic/nsec_47.cc
+++ b/src/lib/dns/cpp/rdata/generic/nsec_47.cc
@@ -91,11 +91,12 @@ NSEC::NSEC(InputBuffer& buffer, size_t rdata_len)
 {
    size_t pos = buffer.getPosition();
    Name nextname(buffer);
-    rdata_len -= (buffer.getPosition() - pos);

-    if (rdata_len == 0) {
+    // rdata_len must be sufficiently large to hold non empty bitmap.
+    if (rdata_len <= buffer.getPosition() - pos) {
        dns_throw(InvalidRdataLength, "NSEC too short");
    }
+    rdata_len -= (buffer.getPosition() - pos);

    vector<uint8_t> typebits;
    for (int i = 0; i < rdata_len; i++) {

--- a/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc
+++ b/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc
@@ -59,7 +59,12 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
    const generic::NSEC rdata_nsec(nsec_txt);
    EXPECT_EQ(0, rdata_nsec.compare(
                  *rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
-                                        "testdata/rdata_nsec_fromWire")));
+                                        "testdata/rdata_nsec_fromWire1")));
+
+    // Too short RDLENGTH
+    EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+                                      "testdata/rdata_nsec_fromWire2"),
+                 InvalidRdataLength);
 }

 TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
@@ -69,7 +74,7 @@ TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
    rdata_nsec.toWire(renderer);

    vector<unsigned char> data;
-    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire", data);
+    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire1", data);
    EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData,
                        static_cast<const uint8_t *>(obuffer.getData()) + 2,
                        obuffer.getLength() - 2, &data[2], data.size() - 2);

--- a/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire
+++ b/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire
--- a/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire2
+++ b/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire2
+#
+# NSEC RDATA with a bogus RDLEN (too short)
+#
+
+# RDLENGTH, 13 bytes (should be 22)
+00 0d
+# NSEC record
+# www2.isc.org. CNAME RRSIG NSEC
+04 77 77 77 32 03 69 73 63 03 6f 72 67 00 00 06
+04 00 00 00 00 03