BIND 10 trac2124, updated. 3b82a4fda312a144d2883de96da76386ec199eea [2124] Handle empty SSHFP fingerprints

BIND 10 source code commits bind10-changes at lists.isc.org
Wed Jul 25 07:33:08 UTC 2012


The branch, trac2124 has been updated
       via  3b82a4fda312a144d2883de96da76386ec199eea (commit)
       via  16cd39d09fbdf9c2121b9aa0cbe124355f42f134 (commit)
      from  d75a744fcd766bdedc2e7c49890c80c3606e3550 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3b82a4fda312a144d2883de96da76386ec199eea
Author: Mukund Sivaraman <muks at isc.org>
Date:   Wed Jul 25 12:34:19 2012 +0530

    [2124] Handle empty SSHFP fingerprints

commit 16cd39d09fbdf9c2121b9aa0cbe124355f42f134
Author: Mukund Sivaraman <muks at isc.org>
Date:   Wed Jul 25 11:24:52 2012 +0530

    [2124] Add wiredata tests where the record is shorter than rdata len indicates

-----------------------------------------------------------------------

Summary of changes:
 src/lib/dns/rdata/generic/sshfp_44.cc              |   48 +++++++++------
 src/lib/dns/rdata/generic/sshfp_44.h               |    1 +
 src/lib/dns/tests/rdata_sshfp_unittest.cc          |   63 +++++++++++++++++++-
 src/lib/dns/tests/testdata/Makefile.am             |    2 +
 ...rdata_sshfp_fromWire => rdata_sshfp_fromWire10} |    6 +-
 src/lib/dns/tests/testdata/rdata_sshfp_fromWire11  |    4 ++
 src/lib/dns/tests/testdata/rdata_sshfp_fromWire12  |    4 ++
 ...{rdata_sshfp_fromWire => rdata_sshfp_fromWire9} |    6 +-
 8 files changed, 110 insertions(+), 24 deletions(-)
 copy src/lib/dns/tests/testdata/{rdata_sshfp_fromWire => rdata_sshfp_fromWire10} (67%)
 create mode 100644 src/lib/dns/tests/testdata/rdata_sshfp_fromWire11
 create mode 100644 src/lib/dns/tests/testdata/rdata_sshfp_fromWire12
 copy src/lib/dns/tests/testdata/{rdata_sshfp_fromWire => rdata_sshfp_fromWire9} (56%)

-----------------------------------------------------------------------
diff --git a/src/lib/dns/rdata/generic/sshfp_44.cc b/src/lib/dns/rdata/generic/sshfp_44.cc
index b4175b8..4c221b8 100644
--- a/src/lib/dns/rdata/generic/sshfp_44.cc
+++ b/src/lib/dns/rdata/generic/sshfp_44.cc
@@ -40,18 +40,22 @@ SSHFP::SSHFP(InputBuffer& buffer, size_t rdata_len) {
         isc_throw(InvalidRdataLength, "SSHFP record too short");
     }
 
-    algorithm_ = buffer.readUint8();
-    fingerprint_type_ = buffer.readUint8();
+    try {
+        algorithm_ = buffer.readUint8();
+        fingerprint_type_ = buffer.readUint8();
+
+        rdata_len -= 2;
+        fingerprint_.resize(rdata_len);
 
-    rdata_len -= 2;
-    fingerprint_.resize(rdata_len);
-    buffer.readData(&fingerprint_[0], rdata_len);
+        buffer.readData(&fingerprint_[0], rdata_len);
+    } catch (const isc::util::InvalidBufferPosition& e) {
+        isc_throw(InvalidRdataLength,
+                  "SSHFP record shorter than RDATA len: " << e.what());
+    }
 }
 
 SSHFP::SSHFP(const std::string& sshfp_str) {
     std::istringstream iss(sshfp_str);
-    // peekc should be of iss's char_type for isspace to work
-    std::istringstream::char_type peekc;
     std::stringbuf fingerprintbuf;
     uint32_t algorithm, fingerprint_type;
 
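Review bot: `&fingerprint_[0]` in the wire constructor is still evaluated when the fingerprint is empty: for an RDLEN of exactly 2, `rdata_len` is 0 after the subtraction and `fingerprint_.resize(0)` leaves the container (presumably a std::vector) empty, so indexing element 0 is undefined behaviour even though zero bytes are then copied. The commit guards the same expression in both toWire() overloads, and this constructor is the one that parses data taken from the wire, so it wants the same guard: `if (rdata_len > 0) { buffer.readData(&fingerprint_[0], rdata_len); }`. The start of this constructor and the remainder of the string constructor lie outside the hunk.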
@@ -68,21 +72,16 @@ SSHFP::SSHFP(const std::string& sshfp_str) {
         isc_throw(InvalidRdataText, "SSHFP fingerprint type out of range");
     }
 
-    iss.read(&peekc, 1);
-    if (!iss.good() || !isspace(peekc, iss.getloc())) {
-        isc_throw(InvalidRdataText, "SSHFP presentation format error");
-    }
-
     iss >> &fingerprintbuf;
-
-    algorithm_ = algorithm;
-    fingerprint_type_ = fingerprint_type;
-
     try {
         decodeHex(fingerprintbuf.str(), fingerprint_);
     } catch (const isc::BadValue& e) {
-        isc_throw(InvalidRdataText, "Bad SSHFP fingerprint: " << e.what());
+        isc_throw(InvalidRdataText,
+                  "Bad SSHFP fingerprint: " << e.what());
     }
+
+    algorithm_ = algorithm;
+    fingerprint_type_ = fingerprint_type;
 }
 
 SSHFP::SSHFP(uint8_t algorithm, uint8_t fingerprint_type,
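Review bot: With the separator check removed, the text constructor no longer requires whitespace between the fingerprint type and the fingerprint. Numeric extraction stops at the first non-digit, so input such as `2 1ab` appears to parse as type 1 with fingerprint `ab` (assuming decodeHex accepts it) where it previously raised InvalidRdataText. The check can be kept for the non-empty case by demanding a separator only when input remains after the type field, and badText could gain a case for the missing separator. The constructor begins above this hunk, so the stream-state checks after the numeric extraction are not visible here.

```cpp
    // … unchanged: algorithm / fingerprint type extraction and range checks …

    // A separator is required only when something follows the type field,
    // so "5 6" stays valid while "5 6ab" is rejected.
    if (!iss.eof()) {
        std::istringstream::char_type sep;
        iss.read(&sep, 1);
        if (!iss.good() || !isspace(sep, iss.getloc())) {
            isc_throw(InvalidRdataText, "SSHFP presentation format error");
        }
    }

    iss >> &fingerprintbuf;
```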
@@ -108,14 +107,20 @@ void
 SSHFP::toWire(OutputBuffer& buffer) const {
     buffer.writeUint8(algorithm_);
     buffer.writeUint8(fingerprint_type_);
-    buffer.writeData(&fingerprint_[0], fingerprint_.size());
+
+    if (fingerprint_.size() > 0) {
+        buffer.writeData(&fingerprint_[0], fingerprint_.size());
+    }
 }
 
 void
 SSHFP::toWire(AbstractMessageRenderer& renderer) const {
     renderer.writeUint8(algorithm_);
     renderer.writeUint8(fingerprint_type_);
-    renderer.writeData(&fingerprint_[0], fingerprint_.size());
+
+    if (fingerprint_.size() > 0) {
+        renderer.writeData(&fingerprint_[0], fingerprint_.size());
+    }
 }
 
 string
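Review bot: Neither of the new `fingerprint_.size() > 0` branches is exercised with an empty fingerprint by the tests visible in this commit: the added toWire test renders the 20-byte `rdata_sshfp`, and the two emptyFingerprint tests only call the getters. Rendering the empty record would pin the behaviour the guard exists for, for example in emptyFingerprintFromString: `this->obuffer.clear(); rdata_sshfp2.toWire(this->obuffer); EXPECT_EQ(2, this->obuffer.getLength());`. The AbstractMessageRenderer overload is not covered by any test in the visible hunks.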
@@ -166,5 +171,10 @@ SSHFP::getSSHFPFingerprintType() const {
     return (fingerprint_type_);
 }
 
+size_t
+SSHFP::getFingerprintLen() const {
+    return (fingerprint_.size());
+}
+
 // END_RDATA_NAMESPACE
 // END_ISC_NAMESPACE
diff --git a/src/lib/dns/rdata/generic/sshfp_44.h b/src/lib/dns/rdata/generic/sshfp_44.h
index c3ba944..fadff33 100644
--- a/src/lib/dns/rdata/generic/sshfp_44.h
+++ b/src/lib/dns/rdata/generic/sshfp_44.h
@@ -40,6 +40,7 @@ public:
     ///
     uint8_t getSSHFPAlgorithmNumber() const;
     uint8_t getSSHFPFingerprintType() const;
+    size_t getFingerprintLen() const;
 
 private:
     /// Note: this is a prototype version; we may reconsider
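Review bot: getFingerprintLen() joins the public interface without a doc comment, and its one non-obvious property is that 0 is a valid result now that empty fingerprints are accepted. A caller that uses the length to index or copy fingerprint data needs to know that; something like `/// Returns the fingerprint length in octets; 0 when the record carries no fingerprint.` above the declaration would say so. The class declaration and the doc block preceding these accessors start outside the hunk.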
diff --git a/src/lib/dns/tests/rdata_sshfp_unittest.cc b/src/lib/dns/tests/rdata_sshfp_unittest.cc
index 7759bfd..8adc963 100644
--- a/src/lib/dns/tests/rdata_sshfp_unittest.cc
+++ b/src/lib/dns/tests/rdata_sshfp_unittest.cc
@@ -41,6 +41,18 @@ class Rdata_SSHFP_Test : public RdataTest {
 
 const string sshfp_txt("2 1 123456789abcdef67890123456789abcdef67890");
 const generic::SSHFP rdata_sshfp(2, 1, "123456789abcdef67890123456789abcdef67890");
+const uint8_t rdata_sshfp_wiredata[] = {
+    // algorithm
+    0x02,
+    // fingerprint type
+    0x01,
+    // fingerprint
+    0x12, 0x34, 0x56, 0x78,
+    0x9a, 0xbc, 0xde, 0xf6,
+    0x78, 0x90, 0x12, 0x34,
+    0x56, 0x78, 0x9a, 0xbc,
+    0xde, 0xf6, 0x78, 0x90
+};
 
 TEST_F(Rdata_SSHFP_Test, createFromText) {
     // Basic test
@@ -84,7 +96,6 @@ TEST_F(Rdata_SSHFP_Test, algorithmTypes) {
 
 TEST_F(Rdata_SSHFP_Test, badText) {
     EXPECT_THROW(const generic::SSHFP rdata_sshfp("1"), InvalidRdataText);
-    EXPECT_THROW(const generic::SSHFP rdata_sshfp("1 2"), InvalidRdataText);
     EXPECT_THROW(const generic::SSHFP rdata_sshfp("BUCKLE MY SHOES"), InvalidRdataText);
     EXPECT_THROW(const generic::SSHFP rdata_sshfp("1 2 foo bar"), InvalidRdataText);
 }
@@ -126,12 +137,39 @@ TEST_F(Rdata_SSHFP_Test, createFromWire) {
     // short fingerprint data
     EXPECT_NO_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
                                          "rdata_sshfp_fromWire8.wire"));
+
+    // fingerprint is shorter than rdata len
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire9"),
+                 InvalidRdataLength);
+
+    // fingerprint is missing
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire10"),
+                 InvalidRdataLength);
+
+    // all rdata is missing
+    EXPECT_THROW(rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                                      "rdata_sshfp_fromWire11"),
+                 InvalidRdataLength);
 }
 
 TEST_F(Rdata_SSHFP_Test, toText) {
     EXPECT_TRUE(boost::iequals(sshfp_txt, rdata_sshfp.toText()));
 }
 
+TEST_F(Rdata_SSHFP_Test, toWire) {
+    this->obuffer.clear();
+    rdata_sshfp.toWire(this->obuffer);
+
+    EXPECT_EQ(22, this->obuffer.getLength());
+
+    EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData,
+                        this->obuffer.getData(),
+                        this->obuffer.getLength(),
+                        rdata_sshfp_wiredata, sizeof(rdata_sshfp_wiredata));
+}
+
 TEST_F(Rdata_SSHFP_Test, getSSHFPAlgorithmNumber) {
     EXPECT_EQ(2, rdata_sshfp.getSSHFPAlgorithmNumber());
 }
@@ -139,4 +177,27 @@ TEST_F(Rdata_SSHFP_Test, getSSHFPAlgorithmNumber) {
 TEST_F(Rdata_SSHFP_Test, getSSHFPFingerprintType) {
     EXPECT_EQ(1, rdata_sshfp.getSSHFPFingerprintType());
 }
+
+TEST_F(Rdata_SSHFP_Test, getFingerprintLen) {
+    EXPECT_EQ(20, rdata_sshfp.getFingerprintLen());
+}
+
+TEST_F(Rdata_SSHFP_Test, emptyFingerprintFromWire) {
+    const generic::SSHFP& rdf =
+        dynamic_cast<const generic::SSHFP&>
+        (*rdataFactoryFromFile(RRType("SSHFP"), RRClass("IN"),
+                               "rdata_sshfp_fromWire12"));
+
+    EXPECT_EQ(4, rdf.getSSHFPAlgorithmNumber());
+    EXPECT_EQ(9, rdf.getSSHFPFingerprintType());
+    EXPECT_EQ(0, rdf.getFingerprintLen());
+}
+
+TEST_F(Rdata_SSHFP_Test, emptyFingerprintFromString) {
+    const generic::SSHFP rdata_sshfp2("5 6");
+
+    EXPECT_EQ(5, rdata_sshfp2.getSSHFPAlgorithmNumber());
+    EXPECT_EQ(6, rdata_sshfp2.getSSHFPFingerprintType());
+    EXPECT_EQ(0, rdata_sshfp2.getFingerprintLen());
+}
 }
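Review bot: In emptyFingerprintFromWire the reference `rdf` is bound to `*rdataFactoryFromFile(...)`, and if that helper returns an owning smart pointer (its return type is not visible here), the temporary is destroyed at the end of the declaration and the three EXPECT_EQ lines read a destroyed object. Binding a reference to the pointee does not extend the lifetime of the pointer that owns it. Storing the returned pointer in a named local for the duration of the test and applying the `dynamic_cast` to `*local` avoids this. A memory checker run over the unit tests would confirm whether the current form is actually a use-after-free.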
diff --git a/src/lib/dns/tests/testdata/Makefile.am b/src/lib/dns/tests/testdata/Makefile.am
index 86de476..9352833 100644
--- a/src/lib/dns/tests/testdata/Makefile.am
+++ b/src/lib/dns/tests/testdata/Makefile.am
@@ -135,6 +135,8 @@ EXTRA_DIST += rdata_sshfp_fromWire1.spec rdata_sshfp_fromWire2.spec
 EXTRA_DIST += rdata_sshfp_fromWire3.spec rdata_sshfp_fromWire4.spec
 EXTRA_DIST += rdata_sshfp_fromWire5.spec rdata_sshfp_fromWire6.spec
 EXTRA_DIST += rdata_sshfp_fromWire7.spec rdata_sshfp_fromWire8.spec
+EXTRA_DIST += rdata_sshfp_fromWire9 rdata_sshfp_fromWire10
+EXTRA_DIST += rdata_sshfp_fromWire11 rdata_sshfp_fromWire12
 EXTRA_DIST += rdata_afsdb_fromWire1.spec rdata_afsdb_fromWire2.spec
 EXTRA_DIST += rdata_afsdb_fromWire3.spec rdata_afsdb_fromWire4.spec
 EXTRA_DIST += rdata_afsdb_fromWire5.spec
diff --git a/src/lib/dns/tests/testdata/rdata_sshfp_fromWire10 b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire10
new file mode 100644
index 0000000..7e04a20
--- /dev/null
+++ b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire10
@@ -0,0 +1,6 @@
+# Test where fingerprint is missing
+
+# SSHFP RDATA, RDLEN=22
+0020
+# ALGORITHM=2 FINGERPRINT_TYPE=1 FINGERPRINT=123456789abcdef67890123456789abcdef67890
+02 01
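Review bot: The comment `# SSHFP RDATA, RDLEN=22` does not match the encoded length on the next line: `0020`, read as hexadecimal like the `0002` in rdata_sshfp_fromWire12, is 32, which is what rdata_sshfp_fromWire9 states for the same bytes. The same comment appears in rdata_sshfp_fromWire11. The `FINGERPRINT=` comment here also describes bytes this file deliberately omits; `# ALGORITHM=2 FINGERPRINT_TYPE=1 (fingerprint omitted)` would describe the data as written.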
diff --git a/src/lib/dns/tests/testdata/rdata_sshfp_fromWire11 b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire11
new file mode 100644
index 0000000..0756c83
--- /dev/null
+++ b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire11
@@ -0,0 +1,4 @@
+# Test where RDATA is completely missing
+
+# SSHFP RDATA, RDLEN=22
+0020
diff --git a/src/lib/dns/tests/testdata/rdata_sshfp_fromWire12 b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire12
new file mode 100644
index 0000000..eabd06b
--- /dev/null
+++ b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire12
@@ -0,0 +1,4 @@
+# SSHFP RDATA, RDLEN=02
+0002
+# ALGORITHM=4 FINGERPRINT_TYPE=9
+04 09
diff --git a/src/lib/dns/tests/testdata/rdata_sshfp_fromWire9 b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire9
new file mode 100644
index 0000000..05fc806
--- /dev/null
+++ b/src/lib/dns/tests/testdata/rdata_sshfp_fromWire9
@@ -0,0 +1,6 @@
+# Test where fingerprint length is smaller than what RDATA len indicates
+
+# SSHFP RDATA, RDLEN=32
+0020
+# ALGORITHM=2 FINGERPRINT_TYPE=1 FINGERPRINT=123456789abcdef67890123456789abcdef67890
+02 01 123456789abcdef67890123456789abcdef67890


