Commit d0d70f21 authored by Mukund Sivaraman's avatar Mukund Sivaraman
Browse files

[2124] Check that algorithm and fingerprint are in the range [1,255]

parent 045ede28
......@@ -43,6 +43,14 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) {
algorithm_ = buffer.readUint8();
fingerprint_type_ = buffer.readUint8();
if (algorithm_ < 1) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if (fingerprint_type_ < 1) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
rdata_len -= 2;
fingerprint_.resize(rdata_len);
buffer.readData(&fingerprint_[0], rdata_len);
......@@ -60,6 +68,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
isc_throw(InvalidRdataText, "Invalid SSHFP text");
}
if ((algorithm < 1) || (algorithm > 255)) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if ((fingerprint_type < 1) || (fingerprint_type > 255)) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
iss.read(&peekc, 1);
if (!iss.good() || !isspace(peekc, iss.getloc())) {
isc_throw(InvalidRdataText, "SSHFP presentation format error");
......@@ -75,6 +91,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
SSHFP::SSHFP(uint8_t algorithm, uint8_t fingerprint_type,
const std::string& fingerprint)
{
if (algorithm < 1) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if (fingerprint_type < 1) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
algorithm_ = algorithm;
fingerprint_type_ = fingerprint_type;
decodeHex(fingerprint, fingerprint_);
......
......@@ -60,7 +60,6 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
// Some of these may not be RFC conformant, but we relax the check
// in our code to work with algorithm and fingerprint types that may
// show up in the future.
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("2 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("3 1 123456789abcdef67890123456789abcdef67890"));
......@@ -71,6 +70,12 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 3 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 128 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 255 123456789abcdef67890123456789abcdef67890"));
// 0 is still reserved.
EXPECT_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"),
InvalidRdataText);
EXPECT_THROW(const generic::SSHFP rdata_sshfp("1 0 123456789abcdef67890123456789abcdef67890"),
InvalidRdataText);
}
TEST_F(Rdata_SSHFP_Test, badText) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment