Commit d0d70f21 authored by Mukund Sivaraman's avatar Mukund Sivaraman

[2124] Check that algorithm and fingerprint are in the range [1,255]

parent 045ede28
...@@ -43,6 +43,14 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) { ...@@ -43,6 +43,14 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) {
algorithm_ = buffer.readUint8(); algorithm_ = buffer.readUint8();
fingerprint_type_ = buffer.readUint8(); fingerprint_type_ = buffer.readUint8();
if (algorithm_ < 1) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if (fingerprint_type_ < 1) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
rdata_len -= 2; rdata_len -= 2;
fingerprint_.resize(rdata_len); fingerprint_.resize(rdata_len);
buffer.readData(&fingerprint_[0], rdata_len); buffer.readData(&fingerprint_[0], rdata_len);
...@@ -60,6 +68,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) { ...@@ -60,6 +68,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
isc_throw(InvalidRdataText, "Invalid SSHFP text"); isc_throw(InvalidRdataText, "Invalid SSHFP text");
} }
if ((algorithm < 1) || (algorithm > 255)) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if ((fingerprint_type < 1) || (fingerprint_type > 255)) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
iss.read(&peekc, 1); iss.read(&peekc, 1);
if (!iss.good() || !isspace(peekc, iss.getloc())) { if (!iss.good() || !isspace(peekc, iss.getloc())) {
isc_throw(InvalidRdataText, "SSHFP presentation format error"); isc_throw(InvalidRdataText, "SSHFP presentation format error");
...@@ -75,6 +91,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) { ...@@ -75,6 +91,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
SSHFP::SSHFP(uint8_t algorithm, uint8_t fingerprint_type, SSHFP::SSHFP(uint8_t algorithm, uint8_t fingerprint_type,
const std::string& fingerprint) const std::string& fingerprint)
{ {
if (algorithm < 1) {
isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
}
if (fingerprint_type < 1) {
isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
}
algorithm_ = algorithm; algorithm_ = algorithm;
fingerprint_type_ = fingerprint_type; fingerprint_type_ = fingerprint_type;
decodeHex(fingerprint, fingerprint_); decodeHex(fingerprint, fingerprint_);
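Review bot: The new range checks in the wire-format constructor `SSHFP(InputBuffer&, size_t)` and in the `SSHFP(uint8_t, uint8_t, const std::string&)` constructor throw `InvalidRdataText`, although neither path parses presentation text. Wire data normally comes from an untrusted peer, so a caller that separates malformed-packet errors from zone-file text errors would presumably misreport this case; if the library has an exception meant for wire-format errors, it would fit better there. These two constructors also deserve a comment explaining the missing upper bound, e.g. `// uint8_t caps the value at 255; only the reserved 0 needs rejecting`. Separately, the context line `buffer.readData(&fingerprint_[0], rdata_len)` indexes an empty vector when `rdata_len` is exactly 2 on entry; whether an earlier length check rules that out is outside the hunk.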
......
...@@ -60,7 +60,6 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) { ...@@ -60,7 +60,6 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
// Some of these may not be RFC conformant, but we relax the check // Some of these may not be RFC conformant, but we relax the check
// in our code to work with algorithm and fingerprint types that may // in our code to work with algorithm and fingerprint types that may
// show up in the future. // show up in the future.
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 1 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("2 1 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("2 1 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("3 1 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("3 1 123456789abcdef67890123456789abcdef67890"));
...@@ -71,6 +70,12 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) { ...@@ -71,6 +70,12 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 3 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 3 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 128 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 128 123456789abcdef67890123456789abcdef67890"));
EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 255 123456789abcdef67890123456789abcdef67890")); EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 255 123456789abcdef67890123456789abcdef67890"));
// 0 is still reserved.
EXPECT_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"),
InvalidRdataText);
EXPECT_THROW(const generic::SSHFP rdata_sshfp("1 0 123456789abcdef67890123456789abcdef67890"),
InvalidRdataText);
} }
TEST_F(Rdata_SSHFP_Test, badText) { TEST_F(Rdata_SSHFP_Test, badText) {
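Review bot: The `EXPECT_THROW` cases added at the end of `algorithmTypes` cover only the text constructor with the reserved value 0. Nothing visible exercises the `> 255` bound of the text parser or the new checks in the wire-format and `uint8_t` constructors. A case such as `EXPECT_THROW(const generic::SSHFP rdata_sshfp("256 1 123456789abcdef67890123456789abcdef67890"), InvalidRdataText);`, plus its `"1 256 ..."` counterpart, would pin the upper boundary, unless `badText` or another test outside these hunks already does. The comment at the top of the test still says the check is relaxed, so it could add that 0 is rejected as reserved.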
......