[svn] commit: r1803 - in /branches/trac177/src/lib/dns: name.cc tests/name_unittest.cc
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon May 10 19:47:37 UTC 2010
Author: jinmei
Date: Mon May 10 19:47:36 2010
New Revision: 1803
Log:
fixed a parameter overflow bug in Name::split(). trac #177.
Modified:
branches/trac177/src/lib/dns/name.cc
branches/trac177/src/lib/dns/tests/name_unittest.cc
Modified: branches/trac177/src/lib/dns/name.cc
==============================================================================
--- branches/trac177/src/lib/dns/name.cc (original)
+++ branches/trac177/src/lib/dns/name.cc Mon May 10 19:47:36 2010
@@ -667,7 +667,7 @@
Name
Name::split(unsigned int first, unsigned int n) const {
- if (n == 0 || first + n > labelcount_) {
+ if (n == 0 || n > labelcount_ || first > labelcount_ - n) {
isc_throw(OutOfRange, "Name::split: invalid split range");
}
Modified: branches/trac177/src/lib/dns/tests/name_unittest.cc
==============================================================================
--- branches/trac177/src/lib/dns/tests/name_unittest.cc (original)
+++ branches/trac177/src/lib/dns/tests/name_unittest.cc Mon May 10 19:47:36 2010
@@ -492,6 +492,10 @@
// invalid range: an exception should be thrown.
EXPECT_THROW(example_name.split(1, 0), OutOfRange);
EXPECT_THROW(example_name.split(2, 3), OutOfRange);
+
+ // invalid range: (assuming int is 32-bit) the following parameters would
+ // cause overflow, bypassing naive validation.
+ EXPECT_THROW(example_name.split(1, 0xffffffff), OutOfRange);
}
TEST_F(NameTest, downcase) {
More information about the bind10-changes
mailing list