added a test against malformed NSEC wire data that could cause overflow.

currently failed, so disabled.


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1485 e5f2f494-b856-4b98-b285-d166d9295462

src/lib/dns/tests/rdata_nsec_unittest.cc

@@ -65,10 +65,15 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
     // Too short RDLENGTH
     EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
                                       "testdata/rdata_nsec_fromWire2"),
-                 InvalidRdataLength);
+                 DNSMessageFORMERR);
+
+    EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
+                                      "testdata/rdata_nsec_fromWire3"),
+                 DNSMessageFORMERR);
 
+    // A malformed NSEC bitmap length field that could cause overflow.
     EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC(), RRClass::IN(),
-                       "testdata/rdata_nsec_fromWire3"),
+                                      "testdata/rdata_nsec_fromWire4"),
                  DNSMessageFORMERR);
 }
 

src/lib/dns/tests/testdata/rdata_nsec_fromWire4

@@ -0,0 +1,10 @@
+###
+### This data file was auto-generated from rdata_nsec_fromWire4.spec
+###
+
+# NSEC RDATA (RDLEN=21)
+0015
+# Next Name=next.example.com
+046e657874076578616d706c6503636f6d00
+# Bitmap: Block=0, Length=31
+00 1f 01

src/lib/dns/tests/testdata/rdata_nsec_fromWire4.spec

@@ -0,0 +1,9 @@
+#
+# A malformed NSEC RDATA: bit map length is too large, causing overflow
+#
+
+[custom]
+sections: nsec
+[nsec]
+maplen: 31
+bitmap: '01'