[2124] Add wiredata tests where the record is shorter than rdata len indicates

src/lib/dns/rdata/generic/sshfp_44.cc

@@ -40,12 +40,18 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) {
         isc_throw(InvalidRdataLength, "SSHFP record too short");
     }
 
-    algorithm_ = buffer.readUint8();
-    fingerprint_type_ = buffer.readUint8();
+    try {
+        algorithm_ = buffer.readUint8();
+        fingerprint_type_ = buffer.readUint8();
+
+        rdata_len -= 2;
+        fingerprint_.resize(rdata_len);
 
-    rdata_len -= 2;
-    fingerprint_.resize(rdata_len);
-    buffer.readData(&fingerprint_[0], rdata_len);
+        buffer.readData(&fingerprint_[0], rdata_len);
+    } catch (const isc::util::InvalidBufferPosition& e) {
+        isc_throw(InvalidRdataLength,
+                  "SSHFP record shorter than RDATA len: " << e.what());
+    }
 }
 
 SSHFP::SSHFP(const std::string& sshfp_str) {

src/lib/dns/tests/rdata_sshfp_unittest.cc

@@ -126,6 +126,21 @@ TEST_F(Rdata_SSHFP_Test, createFromWire) {
     // short fingerprint data
     EXPECT_NO_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
                                          "rdata_sshfp_fromWire8.wire"));
+
+    // fingerprint is shorter than rdata len
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire9"),
+                 InvalidRdataLength);
+
+    // fingerprint is missing
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire10"),
+                 InvalidRdataLength);
+
+    // all rdata is missing
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire11"),
+                 InvalidRdataLength);
 }
 
 TEST_F(Rdata_SSHFP_Test, toText) {

src/lib/dns/tests/testdata/Makefile.am

@@ -135,6 +135,8 @@ EXTRA_DIST += rdata_sshfp_fromWire1.spec rdata_sshfp_fromWire2.spec
 EXTRA_DIST += rdata_sshfp_fromWire3.spec rdata_sshfp_fromWire4.spec
 EXTRA_DIST += rdata_sshfp_fromWire5.spec rdata_sshfp_fromWire6.spec
 EXTRA_DIST += rdata_sshfp_fromWire7.spec rdata_sshfp_fromWire8.spec
+EXTRA_DIST += rdata_sshfp_fromWire9 rdata_sshfp_fromWire10
+EXTRA_DIST += rdata_sshfp_fromWire11
 EXTRA_DIST += rdata_afsdb_fromWire1.spec rdata_afsdb_fromWire2.spec
 EXTRA_DIST += rdata_afsdb_fromWire3.spec rdata_afsdb_fromWire4.spec
 EXTRA_DIST += rdata_afsdb_fromWire5.spec

src/lib/dns/tests/testdata/rdata_sshfp_fromWire10

@@ -0,0 +1,6 @@
+# Test where fingerprint is missing
+
+# SSHFP RDATA, RDLEN=22
+0020
+# ALGORITHM=2 FINGERPRINT_TYPE=1 FINGERPRINT=123456789abcdef67890123456789abcdef67890
+02 01

src/lib/dns/tests/testdata/rdata_sshfp_fromWire11

@@ -0,0 +1,4 @@
+# Test where RDATA is completely missing
+
+# SSHFP RDATA, RDLEN=22
+0020

src/lib/dns/tests/testdata/rdata_sshfp_fromWire9

@@ -0,0 +1,6 @@
+# Test where fingerprint length is smaller than what RDATA len indicates
+
+# SSHFP RDATA, RDLEN=32
+0020
+# ALGORITHM=2 FINGERPRINT_TYPE=1 FINGERPRINT=123456789abcdef67890123456789abcdef67890
+02 01 123456789abcdef67890123456789abcdef67890