BIND 10 trac1638, updated. 326b046810b3d77997fe95f2eab21b591a709ac7 [1638] updated comment wording

BIND 10 source code commits bind10-changes at lists.isc.org
Wed Feb 15 17:16:05 UTC 2012 

The branch, trac1638 has been updated
       via  326b046810b3d77997fe95f2eab21b591a709ac7 (commit)
       via  d3877a19035f09caa0b457cbe01fe28edacdeddd (commit)
      from  b1a417fa43cc2d467fd67d79ee7749fddaf92011 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 326b046810b3d77997fe95f2eab21b591a709ac7
Author: JINMEI Tatuya <jinmei at isc.org>
Date:   Wed Feb 15 09:15:53 2012 -0800

    [1638] updated comment wording

commit d3877a19035f09caa0b457cbe01fe28edacdeddd
Author: JINMEI Tatuya <jinmei at isc.org>
Date:   Wed Feb 15 09:12:05 2012 -0800

    [1638] in parseNSEC3ParamText(), checked the encoded salt length first to
    reject too large salt sooner.

-----------------------------------------------------------------------

Summary of changes:
 .../dns/rdata/generic/detail/nsec3param_common.cc  |   11 +++++++----
 src/lib/dns/rdata/generic/nsec3_50.cc              |    2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/dns/rdata/generic/detail/nsec3param_common.cc b/src/lib/dns/rdata/generic/detail/nsec3param_common.cc
index 1781621..a7a0bb4 100644
--- a/src/lib/dns/rdata/generic/detail/nsec3param_common.cc
+++ b/src/lib/dns/rdata/generic/detail/nsec3param_common.cc
@@ -74,13 +74,16 @@ parseNSEC3ParamText(const char* const rrtype_name,
             iterations);
     }
 
+    // Salt is up to 255 bytes, and space is not allowed in the HEX encoding,
+    // so the encoded string cannot be longer than the double of max length
+    // of the actual salt.
+    if (salthex.size() > 255 * 2) {
+        isc_throw(InvalidRdataText, rrtype_name << " salt is too long: "
+                  << salthex.size() << " (encoded) bytes");
+    }
     if (salthex != "-") {       // "-" means a 0-length salt
         decodeHex(salthex, salt);
     }
-    if (salt.size() > 255) {
-        isc_throw(InvalidRdataText, rrtype_name << " salt is too long: "
-                  << salt.size() << " bytes");
-    }
 
     return (ParseNSEC3ParamResult(hashalg, flags, iterations));
 }
diff --git a/src/lib/dns/rdata/generic/nsec3_50.cc b/src/lib/dns/rdata/generic/nsec3_50.cc
index c892910..b569d91 100644
--- a/src/lib/dns/rdata/generic/nsec3_50.cc
+++ b/src/lib/dns/rdata/generic/nsec3_50.cc
@@ -72,7 +72,7 @@ NSEC3::NSEC3(const string& nsec3_str) :
     const ParseNSEC3ParamResult params =
         parseNSEC3ParamText("NSEC3", nsec3_str, iss, salt);
 
-    // Extract Next hash.  It must not be a padded base32hex string.
+    // Extract Next hash.  It must be an unpadded base32hex string.
     string nexthash;
     iss >> nexthash;
     if (iss.bad() || iss.fail()) {

More information about the bind10-changes mailing list