Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[trac117] add a new test and code for too long hash. also add a trivial
public method to the NSEC3 class, getNext() primarily for the test
(but it would be useful more practical purposes, too).

JINMEI Tatuya 14 years ago
parent
866ae82be9
commit
a9944090a8
3 changed files with 25 additions and 2 deletions
Split View Show Diff Stats
  1. 10 1
      src/lib/dns/rdata/generic/nsec3_50.cc
  2. 2 1
      src/lib/dns/rdata/generic/nsec3_50.h
  3. 13 0
      src/lib/dns/tests/rdata_nsec3_unittest.cc

+ 10 - 1
src/lib/dns/rdata/generic/nsec3_50.cc
View File 

@@ -102,6 +102,10 @@ NSEC3::NSEC3(const string& nsec3_str) :
 
 
     vector<uint8_t> next;
 
     decodeBase32Hex(nexthash, next);
 
+    if (next.size() > 255) {
 
+        isc_throw(InvalidRdataText, "NSEC3 hash is too long: "
 
+                  << next.size() << " bytes");
 
+    }
 
 
     stringstream bitmap_stream(bitmaps.str());
 
     uint8_t bitmap[8 * 1024];       // 64k bits
 
@@ -329,10 +333,15 @@ NSEC3::getIterations() const {
 
     return (impl_->iterations_);
 
 }
 
 
-vector<uint8_t>&
 
+const vector<uint8_t>&
 
 NSEC3::getSalt() const {
 
     return (impl_->salt_);
 
 }
 
 
+const vector<uint8_t>&
 
+NSEC3::getNext() const {
 
+    return (impl_->next_);
 
+}
 
+
 
 // END_RDATA_NAMESPACE
 
 // END_ISC_NAMESPACE

+ 2 - 1
src/lib/dns/rdata/generic/nsec3_50.h
View File 

@@ -43,7 +43,8 @@ public:
 
     uint8_t getHashalg() const;
 
     uint8_t getFlags() const;
 
     uint16_t getIterations() const;
 
-    std::vector<uint8_t>& getSalt() const;
 
+    const std::vector<uint8_t>& getSalt() const;
 
+    const std::vector<uint8_t>& getNext() const;
 
 
 private:
 
     NSEC3Impl* impl_;

+ 13 - 0
src/lib/dns/tests/rdata_nsec3_unittest.cc
View File 

@@ -65,6 +65,12 @@ TEST_F(Rdata_NSEC3_Test, fromText) {
 
     EXPECT_EQ(255, generic::NSEC3("1 1 1 " + string(255 * 2, '0') +
 
                                   " H9RSFB7FPF2L8HG35CMPC765TDK23RP6 "
 
                                   "NS").getSalt().size());
 
+
 
+    // hash that has the possible max length (see badText about the magic
 
+    // numbers)
 
+    EXPECT_EQ(255, generic::NSEC3("1 1 1 D399EAAB " +
 
+                                  string((255 * 8) / 5, '0') +
 
+                                  " NS").getNext().size());
 
 }
 
 
 TEST_F(Rdata_NSEC3_Test, toText) {
 
@@ -109,6 +115,13 @@ TEST_F(Rdata_NSEC3_Test, badText) {
 
     EXPECT_THROW(generic::NSEC3("1 1 1 " + string(256 * 2, '0') +
 
                                 " H9RSFB7FPF2L8HG35CMPC765TDK23RP6 NS"),
 
                  InvalidRdataText);
 
+
 
+    // Hash is too long.  Max = 255 bytes, base32-hex converts each 5 bytes
 
+    // of the original to 8 characters, so 260 * 8 / 5 is the smallest length
 
+    // of the encoded string that exceeds the max and doesn't require padding.
 
+    EXPECT_THROW(generic::NSEC3("1 1 1 D399EAAB " + string((260 * 8) / 5, '0') +
 
+                                " NS"),
 
+                 InvalidRdataText);
 
 }
 
 
 TEST_F(Rdata_NSEC3_Test, createFromWire) {