
fixed a buffer-overrun bug in the from-wire constructor.
added a test case to identify the bug.
made test data file names consistent


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1096 e5f2f494-b856-4b98-b285-d166d9295462

JINMEI Tatuya 15 years ago
commit
b4f1b6d06d

+ 3 - 2
src/lib/dns/cpp/rdata/generic/nsec_47.cc

@@ -91,11 +91,12 @@ NSEC::NSEC(InputBuffer& buffer, size_t rdata_len)
 {
     size_t pos = buffer.getPosition();
     Name nextname(buffer);
-    rdata_len -= (buffer.getPosition() - pos);
 
-    if (rdata_len == 0) {
+    // rdata_len must be sufficiently large to hold non empty bitmap.
+    if (rdata_len <= buffer.getPosition() - pos) {
         dns_throw(InvalidRdataLength, "NSEC too short");
     }
+    rdata_len -= (buffer.getPosition() - pos);
 
     vector<uint8_t> typebits;
     for (int i = 0; i < rdata_len; i++) {
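Review bot: The comment on the new guard says only that rdata_len must hold a non-empty bitmap, but the reason the check has to run before `rdata_len -= (buffer.getPosition() - pos);` is that rdata_len is a size_t, so a short RDLENGTH made the old subtraction wrap to a very large value that then bounded the type-bitmap loop. I would say that in the comment, e.g. `// rdata_len is unsigned: reject a short RDLENGTH before subtracting, or the difference wraps.` Computing the consumed length once, `const size_t name_len = buffer.getPosition() - pos;`, and using it in both the comparison and the subtraction keeps the two expressions from drifting apart. The loop `for (int i = 0; i < rdata_len; i++)` still compares a signed index with a size_t, and its body is outside the hunk, so whether each read is also bounded by the data left in the buffer cannot be confirmed from here.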

+ 7 - 2
src/lib/dns/cpp/tests/rdata_nsec_unittest.cc

@@ -59,7 +59,12 @@ TEST_F(Rdata_NSEC_Test, createFromWire_NSEC)
     const generic::NSEC rdata_nsec(nsec_txt);
     EXPECT_EQ(0, rdata_nsec.compare(
                   *rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
-                                        "testdata/rdata_nsec_fromWire")));
+                                        "testdata/rdata_nsec_fromWire1")));
+
+    // Too short RDLENGTH
+    EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+                                      "testdata/rdata_nsec_fromWire2"),
+                 InvalidRdataLength);
 }
 
 TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
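Review bot: The new EXPECT_THROW in createFromWire_NSEC covers only an RDLENGTH smaller than the encoded name (13 against the 14-octet name in rdata_nsec_fromWire2); the boundary that the guard's `<=` decides, RDLENGTH exactly equal to the name length with no bitmap octets left, has no test. A further data file with RDLENGTH `00 0e` and the same name (file name below is only a suggestion) would pin that branch so a later change of `<=` to `<` is caught: `EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"), "testdata/rdata_nsec_fromWire3"), InvalidRdataLength);`. It would also help if the header comment in rdata_nsec_fromWire2 said that 13 is one less than the name length, since that is the condition that triggered the overrun.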
@@ -69,7 +74,7 @@ TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
     rdata_nsec.toWire(renderer);
 
     vector<unsigned char> data;
-    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire", data);
+    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire1", data);
     EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData,
                         static_cast<const uint8_t *>(obuffer.getData()) + 2,
                         obuffer.getLength() - 2, &data[2], data.size() - 2);

src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire → src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire1


+ 10 - 0
src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire2

@@ -0,0 +1,10 @@
+#
+# NSEC RDATA with a bogus RDLEN (too short)
+#
+
+# RDLENGTH, 13 bytes (should be 22)
+00 0d
+# NSEC record
+# www2.isc.org. CNAME RRSIG NSEC
+04 77 77 77 32 03 69 73 63 03 6f 72 67 00 00 06
+04 00 00 00 00 03