
[2387] Make DNSKEY wire constructor throw on empty keydata

Mukund Sivaraman 12 years ago
parent
commit
46cfb5ccca

+ 6 - 0
src/lib/dns/rdata/generic/dnskey_48.cc

@@ -98,6 +98,12 @@ DNSKEY::DNSKEY(InputBuffer& buffer, size_t rdata_len) {
     const uint16_t algorithm = buffer.readUint8();
 
     rdata_len -= 4;
+    // Though the size of the public key is algorithm-dependent, we
+    // assume that it should not be empty.
+    if (rdata_len < 1) {
+        isc_throw(InvalidRdataLength, "DNSKEY keydata too short");
+    }
+
     vector<uint8_t> keydata(rdata_len);
     buffer.readData(&keydata[0], rdata_len);
 
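Review bot: `rdata_len -= 4;` runs on a `size_t` before the new check, so an RDLENGTH below 4 would wrap to a very large value, pass `rdata_len < 1`, and reach `vector<uint8_t> keydata(rdata_len)` with a length taken from wire data. The constructor begins above this hunk, so a guard for the fixed 4-byte header may already exist there. If it does not, compare before subtracting, for example `if (rdata_len <= 4) { isc_throw(InvalidRdataLength, "DNSKEY keydata too short"); }` followed by `rdata_len -= 4;`. The new comment could also state that the non-empty check is what keeps `&keydata[0]` valid on the next line, so a later edit does not relax it without noticing.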

+ 4 - 0
src/lib/dns/tests/rdata_dnskey_unittest.cc

@@ -134,6 +134,10 @@ TEST_F(Rdata_DNSKEY_Test, createFromWire) {
     EXPECT_EQ(0, rdata_dnskey.compare(
                   *rdataFactoryFromFile(RRType("DNSKEY"), RRClass("IN"),
                                         "rdata_dnskey_fromWire")));
+    // Empty keydata should throw
+    EXPECT_THROW(rdataFactoryFromFile(RRType("DNSKEY"), RRClass("IN"),
+                                      "rdata_dnskey_empty_keydata_fromWire"),
+                 InvalidRdataLength);
 }
 
 TEST_F(Rdata_DNSKEY_Test, getTag) {
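Review bot: The added `EXPECT_THROW` in createFromWire covers only RDLENGTH = 4, so neither boundary next to it is pinned. An RDLENGTH below 4 exercises the unsigned subtraction in the constructor, and an RDLENGTH of 5 (one byte of keydata) should still parse. A second fixture with a truncated header would close the first gap, e.g. `EXPECT_THROW(rdataFactoryFromFile(RRType("DNSKEY"), RRClass("IN"), "<short-rdlength fixture>"), InvalidRdataLength);`, where the file name is a placeholder and would also need adding to EXTRA_DIST. createFromWire starts above this hunk, and getTag continues below it.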

+ 2 - 1
src/lib/dns/tests/testdata/Makefile.am

@@ -101,7 +101,8 @@ EXTRA_DIST += name_toWire7 name_toWire8 name_toWire9
 EXTRA_DIST += question_fromWire question_toWire1 question_toWire2
 EXTRA_DIST += rdatafields1.spec rdatafields2.spec rdatafields3.spec
 EXTRA_DIST += rdatafields4.spec rdatafields5.spec rdatafields6.spec
-EXTRA_DIST += rdata_cname_fromWire rdata_dname_fromWire rdata_dnskey_fromWire
+EXTRA_DIST += rdata_cname_fromWire rdata_dname_fromWire
+EXTRA_DIST += rdata_dnskey_fromWire rdata_dnskey_empty_keydata_fromWire
 EXTRA_DIST += rdata_dhcid_fromWire rdata_dhcid_toWire
 EXTRA_DIST += rdata_ds_fromWire rdata_in_a_fromWire rdata_in_aaaa_fromWire
 EXTRA_DIST += rdata_mx_fromWire rdata_mx_toWire1 rdata_mx_toWire2

+ 7 - 0
src/lib/dns/tests/testdata/rdata_dnskey_empty_keydata_fromWire

@@ -0,0 +1,7 @@
+# RDLENGTH = 4 bytes
+ 00 04
+# DNSKEY, flags 257
+ 01 01
+# protocol 3, algorithm 5
+ 03 05
+# no keydata