Commit d3877a19 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1638] in parseNSEC3ParamText(), checked the encoded salt length first to

reject too large salt sooner.
parent b1a417fa
......@@ -74,13 +74,16 @@ parseNSEC3ParamText(const char* const rrtype_name,
iterations);
}
// Salt is up to 255 bytes, and space is not allowed in the HEX encoding,
// so the encoded string cannot be longer than the double of max length
// of the actual salt.
if (salthex.size() > 255 * 2) {
isc_throw(InvalidRdataText, rrtype_name << " salt is too long: "
<< salthex.size() << " (encoded) bytes");
}
if (salthex != "-") { // "-" means a 0-length salt
decodeHex(salthex, salt);
}
if (salt.size() > 255) {
isc_throw(InvalidRdataText, rrtype_name << " salt is too long: "
<< salt.size() << " bytes");
}
return (ParseNSEC3ParamResult(hashalg, flags, iterations));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment