BIND 10 trac2521, updated. 23db9e9d61274b5c8c4d23b493cbd582eb9eda4a [2521] further DHCID review updates

Thu May 2 18:26:17 UTC 2013

The branch, trac2521 has been updated
       via  23db9e9d61274b5c8c4d23b493cbd582eb9eda4a (commit)
       via  2a6431ad41175316c82c7d13c0bffa0de9a44a7b (commit)
      from  1d3b43a5f11c82ea80c9c8469cb8aee4f504cb20 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 23db9e9d61274b5c8c4d23b493cbd582eb9eda4a
Author: Paul Selkirk <pselkirk at isc.org>
Date:   Thu May 2 14:20:45 2013 -0400

    [2521] further DHCID review updates
    
    - fixed multi-line digest aggregator
    - remove min-length check, and allow empty string
    - removed unit tests for short strings
    - added unit tests for empty string and  unterminated multi-line base64

commit 2a6431ad41175316c82c7d13c0bffa0de9a44a7b
Author: Paul Selkirk <pselkirk at isc.org>
Date:   Thu May 2 12:45:24 2013 -0400

    [2521] further RRSIG review updates
    
    - fixed multi-line signature aggregator
    - allow empty signature
    - fixed some unit tests
    - added unit test for unterminated multi-line base64

-----------------------------------------------------------------------

Summary of changes:
 src/lib/dns/rdata/generic/rrsig_46.cc     |   49 ++++++++++++++++---------
 src/lib/dns/rdata/generic/rrsig_46.h      |    2 +-
 src/lib/dns/rdata/in_1/dhcid_49.cc        |   57 ++++++++++++-----------------
 src/lib/dns/rdata/in_1/dhcid_49.h         |    2 +-
 src/lib/dns/tests/rdata_dhcid_unittest.cc |   25 ++++++++-----
 src/lib/dns/tests/rdata_rrsig_unittest.cc |   54 ++++++++++++++++++---------
 6 files changed, 108 insertions(+), 81 deletions(-)

-----------------------------------------------------------------------

diff --git a/src/lib/dns/rdata/generic/rrsig_46.cc b/src/lib/dns/rdata/generic/rrsig_46.cc
index 6ef79fa..909453d 100644
--- a/src/lib/dns/rdata/generic/rrsig_46.cc
+++ b/src/lib/dns/rdata/generic/rrsig_46.cc
@@ -74,8 +74,8 @@ struct RRSIGImpl {
 };
 
 // helper function for string and lexer constructors
-void
-RRSIG::createFromLexer(MasterLexer& lexer, const Name* origin) {
+RRSIGImpl *
+RRSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
     const RRType covered(lexer.getNextToken(MasterToken::STRING).getString());
     const uint32_t algorithm =
         lexer.getNextToken(MasterToken::NUMBER).getNumber();
@@ -99,25 +99,31 @@ RRSIG::createFromLexer(MasterLexer& lexer, const Name* origin) {
         isc_throw(InvalidRdataText, "RRSIG key tag out of range");
     }
     const Name signer = createNameFromLexer(lexer, origin);
-    string signature_txt =
-        lexer.getNextToken(MasterToken::STRING).getString();
-    // RFC4034 says "Whitespace is allowed within the Base64 text."
-    // So read to the end of input.
+
+    string signature_txt;
+    string signature_part;
+    // Whitespace is allowed within base64 text, so read to the end of input.
     while (true) {
-        const MasterToken& token = lexer.getNextToken();
-        if (token.getType() != MasterToken::STRING) {
+        const MasterToken& token =
+            lexer.getNextToken(MasterToken::STRING, true);
+        if ((token.getType() == MasterToken::END_OF_FILE) ||
+            (token.getType() == MasterToken::END_OF_LINE)) {
             break;
         }
-        signature_txt.append(token.getString());
+        token.getString(signature_part);
+        signature_txt.append(signature_part);
     }
     lexer.ungetToken();
 
     vector<uint8_t> signature;
-    decodeBase64(signature_txt, signature);
+    // missing signature is okay
+    if (signature_txt.size() > 0) {
+        decodeBase64(signature_txt, signature);
+    }
 
-    impl_ = new RRSIGImpl(covered, algorithm, labels,
+    return (new RRSIGImpl(covered, algorithm, labels,
                           originalttl, timeexpire, timeinception,
-                          static_cast<uint16_t>(tag), signer, signature);
+                          static_cast<uint16_t>(tag), signer, signature));
 }
 
 /// \brief Constructor from string.
@@ -139,12 +145,17 @@ RRSIG::createFromLexer(MasterLexer& lexer, const Name* origin) {
 RRSIG::RRSIG(const std::string& rrsig_str) :
     impl_(NULL)
 {
+    // We use auto_ptr here because if there is an exception in this
+    // constructor, the destructor is not called and there could be a
+    // leak of the RRSIGImpl that constructFromLexer() returns.
+    std::auto_ptr<RRSIGImpl> impl_ptr(NULL);
+
     try {
-        istringstream iss(rrsig_str);
+        std::istringstream iss(rrsig_str);
         MasterLexer lexer;
         lexer.pushSource(iss);
 
-        createFromLexer(lexer, NULL);
+        impl_ptr.reset(constructFromLexer(lexer, NULL));
 
         if (lexer.getNextToken().getType() != MasterToken::END_OF_FILE) {
             isc_throw(InvalidRdataText, "extra input text for RRSIG: "
@@ -154,6 +165,8 @@ RRSIG::RRSIG(const std::string& rrsig_str) :
         isc_throw(InvalidRdataText, "Failed to construct RRSIG from '" <<
                   rrsig_str << "': " << ex.what());
     }
+
+    impl_ = impl_ptr.release();
 }
 
 /// \brief Constructor with a context of MasterLexer.
@@ -163,9 +176,9 @@ RRSIG::RRSIG(const std::string& rrsig_str) :
 /// origin is non NULL, in which case \c origin is used to make it absolute.
 /// This must not be represented as a quoted string.
 ///
-/// The Original TTL field is a valid decimal representation of an
-/// unsigned 32-bit integer. Note that RFC4034 does not allow alternate
-/// textual representations of \c RRTTL such as "1H" for 3600 seconds.
+/// The Original TTL field is a valid decimal representation of an unsigned
+/// 32-bit integer. Note that alternate textual representations of \c RRTTL,
+/// such as "1H" for 3600 seconds, are not allowed here.
 ///
 /// \throw MasterLexer::LexerError General parsing error such as missing field.
 /// \throw Other Exceptions from the Name constructor if
@@ -179,7 +192,7 @@ RRSIG::RRSIG(MasterLexer& lexer, const Name* origin,
              MasterLoader::Options, MasterLoaderCallbacks&) :
     impl_(NULL)
 {
-    createFromLexer(lexer, origin);
+    impl_ = constructFromLexer(lexer, origin);
 }
 
 RRSIG::RRSIG(InputBuffer& buffer, size_t rdata_len) {
diff --git a/src/lib/dns/rdata/generic/rrsig_46.h b/src/lib/dns/rdata/generic/rrsig_46.h
index fbcf7e4..de72f64 100644
--- a/src/lib/dns/rdata/generic/rrsig_46.h
+++ b/src/lib/dns/rdata/generic/rrsig_46.h
@@ -48,7 +48,7 @@ public:
     const RRType& typeCovered() const;
 private:
     // helper function for string and lexer constructors
-    void createFromLexer(MasterLexer& lexer, const Name* origin);
+    RRSIGImpl* constructFromLexer(MasterLexer& lexer, const Name* origin);
 
     RRSIGImpl* impl_;
 };
diff --git a/src/lib/dns/rdata/in_1/dhcid_49.cc b/src/lib/dns/rdata/in_1/dhcid_49.cc
index a857f4b..f8b3b85 100644
--- a/src/lib/dns/rdata/in_1/dhcid_49.cc
+++ b/src/lib/dns/rdata/in_1/dhcid_49.cc
@@ -32,50 +32,47 @@ using namespace isc::util::encode;
 // BEGIN_RDATA_NAMESPACE
 
 void
-DHCID::createFromLexer(MasterLexer& lexer) {
-    string digest_txt = lexer.getNextToken(MasterToken::STRING).getString();
+DHCID::constructFromLexer(MasterLexer& lexer) {
+    string digest_txt;
+    string digest_part;
+    // Whitespace is allowed within base64 text, so read to the end of input.
     while (true) {
-        const MasterToken& token = lexer.getNextToken();
-        if (token.getType() != MasterToken::STRING) {
+        const MasterToken& token =
+            lexer.getNextToken(MasterToken::STRING, true);
+        if ((token.getType() == MasterToken::END_OF_FILE) ||
+            (token.getType() == MasterToken::END_OF_LINE)) {
             break;
         }
-        digest_txt.append(token.getString());
+        token.getString(digest_part);
+        digest_txt.append(digest_part);
     }
     lexer.ungetToken();
-    decodeBase64(digest_txt, digest_);
-
-    // RFC4701 states DNS software should consider the RDATA section to
-    // be opaque, but there must be at least three bytes in the data:
-    // < 2 octets >    Identifier type code
-    // < 1 octet >     Digest type code
-    if (digest_.size() < 3) {
-        isc_throw(InvalidRdataLength, "DHCID length " << digest_.size() <<
-                  " too short, need at least 3 bytes");
+
+    // missing digest data is okay
+    if (digest_txt.size() > 0) {
+        decodeBase64(digest_txt, digest_);
     }
 }
 
 /// \brief Constructor from string.
 ///
 /// \param dhcid_str A base-64 representation of the DHCID binary data.
-/// The data is considered to be opaque, but a sanity check is performed.
+/// RFC4701 says "DNS software should consider the RDATA section to be opaque."
 ///
-/// <b>Exceptions</b>
+/// It is okay for the key data to be missing.  Note: BIND 9 also accepts
+/// DHCID missing key data.  While the RFC is silent in this case, and it
+/// may be debatable what an implementation should do, but since this field
+/// is algorithm dependent and this implementations doesn't reject unknown
+/// algorithms, it's lenient here.
 ///
-/// \c dhcid_str must be a valid  BASE-64 string, otherwise an exception
-/// of class \c isc::BadValue will be thrown;
-/// the binary data should consist of at leat of 3 octets as per RFC4701:
-///           < 2 octets >    Identifier type code
-///           < 1 octet >     Digest type code
-///           < n octets >    Digest (length depends on digest type)
-/// If the data is less than 3 octets (i.e. it cannot contain id type code and
-/// digest type code), an exception of class \c InvalidRdataLength is thrown.
+/// \throw InvalidRdataText if the string could not be parsed correctly.
 DHCID::DHCID(const std::string& dhcid_str) {
     try {
         std::istringstream iss(dhcid_str);
         MasterLexer lexer;
         lexer.pushSource(iss);
 
-        createFromLexer(lexer);
+        constructFromLexer(lexer);
 
         if (lexer.getNextToken().getType() != MasterToken::END_OF_FILE) {
             isc_throw(InvalidRdataText, "extra input text for DHCID: "
@@ -98,22 +95,14 @@ DHCID::DHCID(const std::string& dhcid_str) {
 /// RDATA to be created
 DHCID::DHCID(MasterLexer& lexer, const Name*,
              MasterLoader::Options, MasterLoaderCallbacks&) {
-    createFromLexer(lexer);
+    constructFromLexer(lexer);
 }
 
 /// \brief Constructor from wire-format data.
 ///
 /// \param buffer A buffer storing the wire format data.
 /// \param rdata_len The length of the RDATA in bytes
-///
-/// <b>Exceptions</b>
-/// \c InvalidRdataLength is thrown if \c rdata_len is than minimum of 3 octets
 DHCID::DHCID(InputBuffer& buffer, size_t rdata_len) {
-    if (rdata_len < 3) {
-        isc_throw(InvalidRdataLength, "DHCID length " << rdata_len <<
-                  " too short, need at least 3 bytes");
-    }
-
     digest_.resize(rdata_len);
     buffer.readData(&digest_[0], rdata_len);
 }
diff --git a/src/lib/dns/rdata/in_1/dhcid_49.h b/src/lib/dns/rdata/in_1/dhcid_49.h
index 17bd746..81041b0 100644
--- a/src/lib/dns/rdata/in_1/dhcid_49.h
+++ b/src/lib/dns/rdata/in_1/dhcid_49.h
@@ -44,7 +44,7 @@ public:
 
 private:
     // helper for string and lexer constructors
-    void createFromLexer(MasterLexer& lexer);
+    void constructFromLexer(MasterLexer& lexer);
 
     /// \brief Private data representation
     ///
diff --git a/src/lib/dns/tests/rdata_dhcid_unittest.cc b/src/lib/dns/tests/rdata_dhcid_unittest.cc
index 4158afc..1a18110 100644
--- a/src/lib/dns/tests/rdata_dhcid_unittest.cc
+++ b/src/lib/dns/tests/rdata_dhcid_unittest.cc
@@ -55,6 +55,12 @@ protected:
             rdata_str, rdata_dhcid, true, true);
     }
 
+    void checkFromText_LexerError(const string& rdata_str) {
+        checkFromText
+            <in::DHCID, InvalidRdataText, MasterLexer::LexerError>(
+                rdata_str, rdata_dhcid, true, true);
+    }
+
     void checkFromText_BadString(const string& rdata_str) {
         checkFromText
             <in::DHCID, InvalidRdataText, isc::Exception>(
@@ -68,6 +74,9 @@ protected:
 TEST_F(Rdata_DHCID_Test, fromText) {
     EXPECT_EQ(dhcid_txt, rdata_dhcid.toText());
 
+    // missing digest data is okay
+    EXPECT_NO_THROW(const in::DHCID digest(""));
+
     // Space in digest data is OK
     checkFromText_None(
             "0LIg0LvQtdGB0YMg 0YDQvtC00LjQu9Cw 0YHRjCDRkdC70L7R h9C60LA=");
@@ -80,15 +89,17 @@ TEST_F(Rdata_DHCID_Test, fromText) {
     // to fail, but the lexer constructor must be able to continue
     // parsing from it.
     checkFromText_BadString(
-	    "0LIg0LvQtdGB0YMg0YDQvtC00LjQu9Cw0YHRjCDRkdC70L7Rh9C60LA="
-	    " ; comment\n"
-	    "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=");
+            "0LIg0LvQtdGB0YMg0YDQvtC00LjQu9Cw0YHRjCDRkdC70L7Rh9C60LA="
+            " ; comment\n"
+            "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=");
 }
 
 TEST_F(Rdata_DHCID_Test, badText) {
-    checkFromText_BadValue("00");
-    checkFromText_InvalidLength("MDA=");
     checkFromText_BadValue("EEeeeeeeEEEeeeeeeGaaahAAAAAAAAHHHHHHHHHHH!=");
+
+    // unterminated multi-line base64
+    checkFromText_LexerError(
+            "( 0LIg0LvQtdGB0YMg0YDQvtC00LjQu9Cw\n0YHRjCDRkdC70L7R h9C60LA=");
 }
 
 TEST_F(Rdata_DHCID_Test, copy) {
@@ -107,10 +118,6 @@ TEST_F(Rdata_DHCID_Test, createFromLexer) {
     EXPECT_EQ(0, rdata_dhcid.compare(
         *test::createRdataUsingLexer(RRType::DHCID(), RRClass::IN(),
                                      dhcid_txt)));
-
-    // Exceptions cause NULL to be returned.
-    EXPECT_FALSE(test::createRdataUsingLexer(RRType::DHCID(), RRClass::IN(),
-                                             "00"));
 }
 
 TEST_F(Rdata_DHCID_Test, toWireRenderer) {
diff --git a/src/lib/dns/tests/rdata_rrsig_unittest.cc b/src/lib/dns/tests/rdata_rrsig_unittest.cc
index 54cdf7e..f945374 100644
--- a/src/lib/dns/tests/rdata_rrsig_unittest.cc
+++ b/src/lib/dns/tests/rdata_rrsig_unittest.cc
@@ -97,9 +97,13 @@ TEST_F(Rdata_RRSIG_Test, fromText) {
     EXPECT_EQ(rrsig_txt, rdata_rrsig.toText());
     EXPECT_EQ(isc::dns::RRType::A(), rdata_rrsig.typeCovered());
 
+    // Missing signature is OK
+    EXPECT_NO_THROW(const generic::RRSIG sig(
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org."));
+
     // Space in signature data is OK
     checkFromText_None(
-	      "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
               "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz "
               "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/ "
               "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU "
@@ -107,7 +111,7 @@ TEST_F(Rdata_RRSIG_Test, fromText) {
 
     // Multi-line signature data is OK, if enclosed in parentheses
     checkFromText_None(
-	      "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
               "( evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz\n"
               "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/\n"
               "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU\n"
@@ -117,15 +121,15 @@ TEST_F(Rdata_RRSIG_Test, fromText) {
     // to fail, but the lexer constructor must be able to continue
     // parsing from it.
     checkFromText_BadString(
-	      "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
-              "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz "
-              "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/ "
-              "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU "
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+              "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
+              "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
+              "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
               "f49t+sXKPzbipN9g+s1ZPiIyofc= ; comment\n"
-	      "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
-              "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz "
-              "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/ "
-              "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU "
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+              "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
+              "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
+              "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
               "f49t+sXKPzbipN9g+s1ZPiIyofc=");
 }
 
@@ -139,10 +143,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
     checkFromText_LexerError("A 5 4 43200 20100223214617");
     checkFromText_LexerError("A 5 4 43200 20100223214617 20100222214617");
     checkFromText_LexerError("A 5 4 43200 20100223214617 20100222214617 "
-			      "8496");
-    checkFromText_LexerError("A 5 4 43200 20100223214617 20100222214617 "
-			      "8496 isc.org.");
-
+                              "8496");
     // bad algorithm
     checkFromText_InvalidText(
                      "A 555 4 43200 "
@@ -158,6 +159,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad labels
     checkFromText_InvalidText(
                      "A 5 4444 43200 "
@@ -173,6 +175,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad original ttl
     checkFromText_LexerError(
                      "A 5 4 999999999999 "
@@ -188,13 +191,15 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
-    // Alternate form of TTL is not okay
+
+    // alternate form of TTL is not okay
     checkFromText_LexerError(
-	      "A 5 4 12H 20100223214617 20100222214617 8496 isc.org. "
+              "A 5 4 12H 20100223214617 20100222214617 8496 isc.org. "
               "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz "
               "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/ "
               "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU "
               "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad signature expiration
     checkFromText_InvalidTime(
                      "A 5 4 43200 "
@@ -202,7 +207,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
-                     "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+                     "f49t+sXKPzbipN9g+s1ZPiIyofc="); 
     checkFromText_InvalidTime(
                      "A 5 4 43200 "
                      "EXPIRATION 20100222214617 8496 isc.org. "
@@ -210,6 +215,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
    // bad signature inception
     checkFromText_InvalidTime(
                      "A 5 4 43200 "
@@ -225,6 +231,7 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad key tag
     checkFromText_InvalidText(
                      "A 5 4 43200 "
@@ -240,23 +247,34 @@ TEST_F(Rdata_RRSIG_Test, badText) {
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad signer name
     checkFromText_MissingOrigin(
                      "A 5 4 43200 "
-                     "20100223214617 20100222214617 8496 isc.org"
+                     "20100223214617 20100222214617 8496 isc.org "
                      "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
                      "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
                      "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
                      "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+
     // bad signature
     checkFromText_BadValue(
                      "A 5 4 43200 "
                      "20100223214617 20100222214617 8496 isc.org. "
                      "EEeeeeeeEEEeeeeeeGaaahAAAAAAAAHHHHHHHHHHH!=");
+
     // no space between the tag and signer
     checkFromText_LexerError(
                      "A 5 4 43200 20100223214617 20100222214617 "
                      "8496isc.org. ofc=");
+
+    // unterminated multi-line base64
+    checkFromText_LexerError(
+              "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+              "( evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz\n"
+              "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/\n"
+              "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU\n"
+              "f49t+sXKPzbipN9g+s1ZPiIyofc=");
 }
 
 TEST_F(Rdata_RRSIG_Test, createFromLexer) {

