Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[2124] Check that algorithm and fingerprint are in the range [1,255]

Mukund Sivaraman 13 years ago
parent
045ede28af
commit
d0d70f2118
2 changed files with 30 additions and 1 deletions
Split View Show Diff Stats
  1. 24 0
      src/lib/dns/rdata/generic/sshfp_44.cc
  2. 6 1
      src/lib/dns/tests/rdata_sshfp_unittest.cc

+ 24 - 0
src/lib/dns/rdata/generic/sshfp_44.cc
View File 

@@ -43,6 +43,14 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) {
 
     algorithm_ = buffer.readUint8();
 
     fingerprint_type_ = buffer.readUint8();
 
 
+    if (algorithm_ < 1) {
 
+        isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
 
+    }
 
+
 
+    if (fingerprint_type_ < 1) {
 
+        isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
 
+    }
 
+
 
     rdata_len -= 2;
 
     fingerprint_.resize(rdata_len);
 
     buffer.readData(&fingerprint_[0], rdata_len);
 
@@ -60,6 +68,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
 
         isc_throw(InvalidRdataText, "Invalid SSHFP text");
 
     }
 
 
+    if ((algorithm < 1) || (algorithm > 255)) {
 
+        isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
 
+    }
 
+
 
+    if ((fingerprint_type < 1) || (fingerprint_type > 255)) {
 
+        isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
 
+    }
 
+
 
     iss.read(&peekc, 1);
 
     if (!iss.good() || !isspace(peekc, iss.getloc())) {
 
         isc_throw(InvalidRdataText, "SSHFP presentation format error");
 
@@ -75,6 +91,14 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
 
 SSHFP::SSHFP(uint8_t algorithm, uint8_t fingerprint_type,
 
              const std::string& fingerprint)
 
 {
 
+    if (algorithm < 1) {
 
+        isc_throw(InvalidRdataText, "SSHFP algorithm number out of range");
 
+    }
 
+
 
+    if (fingerprint_type < 1) {
 
+        isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
 
+    }
 
+
 
     algorithm_ = algorithm;
 
     fingerprint_type_ = fingerprint_type;
 
     decodeHex(fingerprint, fingerprint_);

+ 6 - 1
src/lib/dns/tests/rdata_sshfp_unittest.cc
View File 

@@ -60,7 +60,6 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
 
     // Some of these may not be RFC conformant, but we relax the check
 
     // in our code to work with algorithm and fingerprint types that may
 
     // show up in the future.
 
-    EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"));
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 1 123456789abcdef67890123456789abcdef67890"));
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("2 1 123456789abcdef67890123456789abcdef67890"));
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("3 1 123456789abcdef67890123456789abcdef67890"));
 
@@ -71,6 +70,12 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 3 123456789abcdef67890123456789abcdef67890"));
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 128 123456789abcdef67890123456789abcdef67890"));
 
     EXPECT_NO_THROW(const generic::SSHFP rdata_sshfp("1 255 123456789abcdef67890123456789abcdef67890"));
 
+
 
+    // 0 is still reserved.
 
+    EXPECT_THROW(const generic::SSHFP rdata_sshfp("0 1 123456789abcdef67890123456789abcdef67890"),
 
+                 InvalidRdataText);
 
+    EXPECT_THROW(const generic::SSHFP rdata_sshfp("1 0 123456789abcdef67890123456789abcdef67890"),
 
+                 InvalidRdataText);
 
 }
 
 
 TEST_F(Rdata_SSHFP_Test, badText) {