13 years ago · 602204a5a1
--- a/src/lib/dns/rdata/generic/nsec3param_51.cc
+++ b/src/lib/dns/rdata/generic/nsec3param_51.cc
@@ -98,24 +98,28 @@ NSEC3PARAM::NSEC3PARAM(const string& nsec3param_str) :
 
				 }
			
 
				 
			
 
				 NSEC3PARAM::NSEC3PARAM(InputBuffer& buffer, size_t rdata_len) {
			
 
				-    if (rdata_len < 4) {
			
 
				-        isc_throw(InvalidRdataLength, "NSEC3PARAM too short");
			
 
				+    // NSEC3 RR must have at least 5 octets:
			
 
				+    // hash algorithm(1), flags(1), iteration(2), saltlen(1)
			
 
				+    if (rdata_len < 5) {
			
 
				+        isc_throw(DNSMessageFORMERR, "NSEC3PARAM too short, length: "
			
 
				+                  << rdata_len);
			
 
				     }
			
 
				 
			
 
				-    uint8_t hashalg = buffer.readUint8();
			
 
				-    uint8_t flags = buffer.readUint8();
			
 
				-    uint16_t iterations = buffer.readUint16();
			
 
				-    rdata_len -= 4;
			
 
				-
			
 
				-    uint8_t saltlen = buffer.readUint8();
			
 
				-    --rdata_len;
			
 
				+    const uint8_t hashalg = buffer.readUint8();
			
 
				+    const uint8_t flags = buffer.readUint8();
			
 
				+    const uint16_t iterations = buffer.readUint16();
			
 
				 
			
 
				+    const uint8_t saltlen = buffer.readUint8();
			
 
				+    rdata_len -= 5;
			
 
				     if (rdata_len < saltlen) {
			
 
				-        isc_throw(InvalidRdataLength, "NSEC3PARAM salt too short");
			
 
				+        isc_throw(DNSMessageFORMERR, "NSEC3PARAM salt length is too large: "
			
 
				+                  << static_cast<unsigned int>(saltlen));
			
 
				     }
			
 
				 
			
 
				     vector<uint8_t> salt(saltlen);
			
 
				-    buffer.readData(&salt[0], saltlen);
			
 
				+    if (saltlen > 0) {
			
 
				+        buffer.readData(&salt[0], saltlen);
			
 
				+    }
			
 
				 
			
 
				     impl_ = new NSEC3PARAMImpl(hashalg, flags, iterations, salt);
			
 
				 }
			
--- a/src/lib/dns/tests/rdata_nsec3param_like_unittest.cc
+++ b/src/lib/dns/tests/rdata_nsec3param_like_unittest.cc
@@ -181,7 +181,7 @@ TYPED_TEST(NSEC3PARAMLikeTest, toText) {
 
				     EXPECT_EQ(this->nosalt_txt, this->fromText(this->nosalt_txt).toText());
			
 
				 }
			
 
				 
			
 
				-TYPED_TEST(NSEC3PARAMLikeTest, DISABLED_createFromWire) {
			
 
				+TYPED_TEST(NSEC3PARAMLikeTest, createFromWire) {
			
 
				     // Normal case
			
 
				     EXPECT_EQ(0, this->fromText(this->salt_txt).compare(
			
 
				                   *this->rdataFactoryFromFile(this->getType(), RRClass::IN(),
			
--- a/src/lib/dns/tests/testdata/Makefile.am
+++ b/src/lib/dns/tests/testdata/Makefile.am
@@ -30,6 +30,9 @@ BUILT_SOURCES += rdata_nsec3_fromWire10.wire rdata_nsec3_fromWire11.wire
 
				 BUILT_SOURCES += rdata_nsec3_fromWire12.wire rdata_nsec3_fromWire13.wire
			
 
				 BUILT_SOURCES += rdata_nsec3_fromWire14.wire rdata_nsec3_fromWire15.wire
			
 
				 BUILT_SOURCES += rdata_nsec3_fromWire16.wire rdata_nsec3_fromWire17.wire
			
 
				+BUILT_SOURCES += rdata_nsec3param_fromWire2.wire
			
 
				+BUILT_SOURCES += rdata_nsec3param_fromWire11.wire
			
 
				+BUILT_SOURCES += rdata_nsec3param_fromWire13.wire
			
 
				 BUILT_SOURCES += rdata_rrsig_fromWire2.wire
			
 
				 BUILT_SOURCES += rdata_minfo_fromWire1.wire rdata_minfo_fromWire2.wire
			
 
				 BUILT_SOURCES += rdata_minfo_fromWire3.wire rdata_minfo_fromWire4.wire
			
@@ -104,6 +107,9 @@ EXTRA_DIST += rdata_nsec_fromWire8.spec rdata_nsec_fromWire9.spec
 
				 EXTRA_DIST += rdata_nsec_fromWire10.spec
			
 
				 EXTRA_DIST += rdata_nsec_fromWire16.spec rdata_nsec_fromWire17.spec
			
 
				 EXTRA_DIST += rdata_nsec3param_fromWire1
			
 
				+EXTRA_DIST += rdata_nsec3param_fromWire2.spec
			
 
				+EXTRA_DIST += rdata_nsec3param_fromWire11.spec
			
 
				+EXTRA_DIST += rdata_nsec3param_fromWire13.spec
			
 
				 EXTRA_DIST += rdata_nsec3_fromWire1
			
 
				 EXTRA_DIST += rdata_nsec3_fromWire2.spec rdata_nsec3_fromWire3
			
 
				 EXTRA_DIST += rdata_nsec3_fromWire4.spec rdata_nsec3_fromWire5.spec
			
--- a/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire11.spec
+++ b/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire11.spec
@@ -0,0 +1,8 @@
 
				+#
			
 
				+# An invalid NSEC3PARAM RDATA: Saltlen is too large
			
 
				+#
			
 
				+
			
 
				+[custom]
			
 
				+sections: nsec3param
			
 
				+[nsec3param]
			
 
				+rdlen: 7
			
--- a/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire13.spec
+++ b/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire13.spec
@@ -0,0 +1,9 @@
 
				+#
			
 
				+# A valid (but unusual) NSEC3PARAM RDATA: salt is empty.
			
 
				+#
			
 
				+
			
 
				+[custom]
			
 
				+sections: nsec3param
			
 
				+[nsec3param]
			
 
				+saltlen: 0
			
 
				+salt: ''
			
--- a/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire2.spec
+++ b/src/lib/dns/tests/testdata/rdata_nsec3param_fromWire2.spec
@@ -0,0 +1,9 @@
 
				+#
			
 
				+# A malformed NSEC3PARAM RDATA: RDLEN indicates it doesn't even contain the
			
 
				+# fixed 5 octects
			
 
				+#
			
 
				+
			
 
				+[custom]
			
 
				+sections: nsec3param
			
 
				+[nsec3param]
			
 
				+rdlen: 4