
- added test case triggering a crash (currently commented out)
- added comments on the vulnerable part of the implementation


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1100 e5f2f494-b856-4b98-b285-d166d9295462

JINMEI Tatuya 15 years ago
parent
commit
205d3331be

+ 2 - 0
src/lib/dns/cpp/rdata/generic/nsec_47.cc

@@ -98,6 +98,8 @@ NSEC::NSEC(InputBuffer& buffer, size_t rdata_len)
     }
     rdata_len -= (buffer.getPosition() - pos);
 
+    // FIXIT: we cannot naively copy the data because the bitmaps have
+    // semantics and other part of this class assumes they are valid.
     vector<uint8_t> typebits(rdata_len);
     buffer.readData(&typebits[0], rdata_len);
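Review bot: The wire-format constructor still keeps the type bitmaps unvalidated after `buffer.readData(&typebits[0], rdata_len)`; the added FIXIT comment records the problem, but malformed RDATA from the wire is still accepted and handed to code that assumes well-formed bitmaps. Before the bytes are stored, each window block should be walked and rejected unless it has a two-octet header, a bitmap length of 1 to 32 that fits in the remaining data, and a window number greater than the previous one (RFC 4034 section 4.1.2). Separately, `&typebits[0]` is undefined when `rdata_len` is 0 after the subtraction, so the empty case needs its own guard. The constructor starts and ends outside this hunk, so it cannot be seen here whether the earlier check also prevents `rdata_len -= ...` from wrapping; the rejection in the sketch below is left as a placeholder because only `InvalidRdataLength` is visible on this page.

```cpp
    buffer.readData(&typebits[0], rdata_len);
    // Validate the window blocks before the bitmaps are stored.
    int last_window = -1;
    for (size_t i = 0; i < typebits.size();) {
        const size_t remaining = typebits.size() - i;
        if (remaining < 2) {
            // reject: truncated window block header (placeholder: project's malformed-RDATA exception)
        }
        const int window = typebits[i];
        const size_t bitmap_len = typebits[i + 1];
        if (window <= last_window || bitmap_len < 1 || bitmap_len > 32 ||
            remaining - 2 < bitmap_len) {
            // reject: out-of-order window, bad bitmap length, or bitmap past end of RDATA
        }
        last_window = window;
        i += 2 + bitmap_len;
    }
```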
 

+ 6 - 2
src/lib/dns/cpp/tests/rdata_nsec_unittest.cc

@@ -58,13 +58,17 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
 {
     const generic::NSEC rdata_nsec(nsec_txt);
     EXPECT_EQ(0, rdata_nsec.compare(
-                  *rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+                  *rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
                                         "testdata/rdata_nsec_fromWire1")));
 
     // Too short RDLENGTH
-    EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+    EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
                                       "testdata/rdata_nsec_fromWire2"),
                  InvalidRdataLength);
+
+    // This should be rejected
+    //rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
+    //                   "testdata/rdata_nsec_fromWire3")->toText();
 }
 
 TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
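Review bot: The new `rdata_nsec_fromWire3` case is commented out and, even when enabled, asserts nothing: the comment says the input "should be rejected", but the code only calls `->toText()`. A commented-out test drops out of every report, so the open defect is easy to forget. I would move it into its own case using googletest's `DISABLED_` prefix, e.g. `TEST_F(Rdata_NSEC_Test, DISABLED_createFromWire_badBitmap)`, so the runner keeps counting it as disabled. The body should state the expectation with `EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(), "testdata/rdata_nsec_fromWire3"), <malformed-RDATA exception>);`, where the exception name is a placeholder for whatever the constructor fix throws. A one-line comment saying which bitmap rule the test data breaks would also help the next reader.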