tightened the data length check for the from-wire constructor.

git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1084 e5f2f494-b856-4b98-b285-d166d9295462

src/lib/dns/cpp/rdata/generic/rrsig_46.cc

@@ -122,10 +122,11 @@ RRSIG::RRSIG(InputBuffer& buffer, size_t rdata_len)
     uint16_t tag = buffer.readUint16();
     Name signer(buffer);
 
-    rdata_len -= (buffer.getPosition() - pos);
-    if (rdata_len == 0) {
+    // rdata_len must be sufficiently large to hold non empty signature data.
+    if (rdata_len <= buffer.getPosition() - pos) {
         dns_throw(InvalidRdataLength, "RRSIG too short");
     }
+    rdata_len -= (buffer.getPosition() - pos);
 
     vector<uint8_t> signature;
     for (int i = 0; i < rdata_len; i++) {