[svn] commit: r1096 - in /trunk/src/lib/dns/cpp: rdata/generic/nsec_47.cc tests/rdata_nsec_unittest.cc tests/testdata/rdata_nsec_fromWire tests/testdata/rdata_nsec_fromWire1 tests/testdata/rdata_nsec_fromWire2

Wed Mar 3 22:47:46 UTC 2010

Author: jinmei
Date: Wed Mar  3 22:47:46 2010
New Revision: 1096

Log:
fixed a buffer-overrun bug in the from-wire constructor.
added a test case to identify the bug.
made test data file names consistent

Added:
    trunk/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire1
      - copied unchanged from r1088, trunk/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire
    trunk/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire2
Removed:
    trunk/src/lib/dns/cpp/tests/testdata/rdata_nsec_fromWire
Modified:
    trunk/src/lib/dns/cpp/rdata/generic/nsec_47.cc
    trunk/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc

Modified: trunk/src/lib/dns/cpp/rdata/generic/nsec_47.cc
==============================================================================

--- trunk/src/lib/dns/cpp/rdata/generic/nsec_47.cc (original)
+++ trunk/src/lib/dns/cpp/rdata/generic/nsec_47.cc Wed Mar  3 22:47:46 2010
@@ -91,11 +91,12 @@
 {
     size_t pos = buffer.getPosition();
     Name nextname(buffer);
-    rdata_len -= (buffer.getPosition() - pos);
 
-    if (rdata_len == 0) {
+    // rdata_len must be sufficiently large to hold non empty bitmap.
+    if (rdata_len <= buffer.getPosition() - pos) {
         dns_throw(InvalidRdataLength, "NSEC too short");
     }
+    rdata_len -= (buffer.getPosition() - pos);
 
     vector<uint8_t> typebits;
     for (int i = 0; i < rdata_len; i++) {

Modified: trunk/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc
==============================================================================
--- trunk/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc (original)
+++ trunk/src/lib/dns/cpp/tests/rdata_nsec_unittest.cc Wed Mar  3 22:47:46 2010
@@ -59,7 +59,12 @@
     const generic::NSEC rdata_nsec(nsec_txt);
     EXPECT_EQ(0, rdata_nsec.compare(
                   *rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
-                                        "testdata/rdata_nsec_fromWire")));
+                                        "testdata/rdata_nsec_fromWire1")));
+
+    // Too short RDLENGTH
+    EXPECT_THROW(rdataFactoryFromFile(RRType("NSEC"), RRClass("IN"),
+                                      "testdata/rdata_nsec_fromWire2"),
+                 InvalidRdataLength);
 }
 
 TEST_F(Rdata_NSEC_Test, toWireRenderer_NSEC)
@@ -69,7 +74,7 @@
     rdata_nsec.toWire(renderer);
 
     vector<unsigned char> data;
-    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire", data);
+    UnitTestUtil::readWireData("testdata/rdata_nsec_fromWire1", data);
     EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData,
                         static_cast<const uint8_t *>(obuffer.getData()) + 2,
                         obuffer.getLength() - 2, &data[2], data.size() - 2);


