[trac117] added a test case with empty hash. code had a bug, so fixed it.

2025-08-28 12:37:55 +00:00 · 2011-02-16 00:47:17 -08:00 · 2011-02-16 00:47:17 -08:00 · 00b804d710
commit 00b804d710
parent 75cd27c3b2
5 changed files with 21 additions and 3 deletions
--- a/src/lib/dns/rdata/generic/nsec3_50.cc
+++ b/src/lib/dns/rdata/generic/nsec3_50.cc
@ -163,8 +163,8 @@ NSEC3::NSEC3(InputBuffer& buffer, size_t rdata_len) {

    const uint8_t nextlen = buffer.readUint8();
    --rdata_len;
-    if (rdata_len <= nextlen) {
-        isc_throw(DNSMessageFORMERR, "NSEC3 hash length is too large: " <<
+    if (nextlen == 0 || rdata_len <= nextlen) {
+        isc_throw(DNSMessageFORMERR, "NSEC3 invalid hash length: " <<
                  static_cast<unsigned int>(nextlen));
    }

--- a/src/lib/dns/tests/rdata_nsec3_unittest.cc
+++ b/src/lib/dns/tests/rdata_nsec3_unittest.cc
@ -153,6 +153,11 @@ TEST_F(Rdata_NSEC3_Test, createFromWire) {
                                      "rdata_nsec3_fromWire12.wire"),
                 DNSMessageFORMERR);

+    // empty hash.  invalid.
+    EXPECT_THROW(rdataFactoryFromFile(RRType::NSEC3(), RRClass::IN(),
+                                      "rdata_nsec3_fromWire14.wire"),
+                 DNSMessageFORMERR);
+
    //
    // Short buffer cases.  The data is valid NSEC3 RDATA, but the buffer
    // is trimmed at the end.  All cases should result in an exception from
--- a/src/lib/dns/tests/testdata/Makefile.am
+++ b/src/lib/dns/tests/testdata/Makefile.am
@ -14,6 +14,7 @@ BUILT_SOURCES += rdata_nsec3_fromWire6.wire rdata_nsec3_fromWire7.wire
 BUILT_SOURCES += rdata_nsec3_fromWire8.wire rdata_nsec3_fromWire9.wire
 BUILT_SOURCES += rdata_nsec3_fromWire10.wire rdata_nsec3_fromWire11.wire
 BUILT_SOURCES += rdata_nsec3_fromWire12.wire rdata_nsec3_fromWire13.wire
+BUILT_SOURCES += rdata_nsec3_fromWire14.wire
 BUILT_SOURCES += rdata_rrsig_fromWire2.wire
 BUILT_SOURCES += rdata_soa_toWireUncompressed.wire
 BUILT_SOURCES += rdata_txt_fromWire2.wire rdata_txt_fromWire3.wire
@ -62,6 +63,7 @@ EXTRA_DIST += rdata_nsec3_fromWire6.spec rdata_nsec3_fromWire7.spec
 EXTRA_DIST += rdata_nsec3_fromWire8.spec rdata_nsec3_fromWire9.spec
 EXTRA_DIST += rdata_nsec3_fromWire10.spec rdata_nsec3_fromWire11.spec
 EXTRA_DIST += rdata_nsec3_fromWire12.spec rdata_nsec3_fromWire13.spec
+EXTRA_DIST += rdata_nsec3_fromWire14.spec
 EXTRA_DIST += rdata_opt_fromWire rdata_rrsig_fromWire1
 EXTRA_DIST += rdata_rrsig_fromWire2.spec
 EXTRA_DIST += rdata_soa_fromWire rdata_soa_toWireUncompressed.spec
--- a/src/lib/dns/tests/testdata/gen-wiredata.py.in
+++ b/src/lib/dns/tests/testdata/gen-wiredata.py.in
@ -361,7 +361,9 @@ class NSEC3(NSECBASE):
                                ' ' if len(self.salt) > 0 else '',
                                encode_string(self.salt)))
        f.write("# Hash Len=%d, Hash='%s'\n" % (self.hashlen, self.hash))
-        f.write('%02x %s\n' % (self.hashlen, encode_string(self.hash)))
+        f.write('%02x%s%s\n' % (self.hashlen,
+                                ' ' if len(self.hash) > 0 else '',
+                                encode_string(self.hash)))

 class RRSIG:
    rdlen = -1                  # auto-calculate
--- a/src/lib/dns/tests/testdata/rdata_nsec3_fromWire14.spec
+++ b/src/lib/dns/tests/testdata/rdata_nsec3_fromWire14.spec
@ -0,0 +1,9 @@
+#
+# An invalid NSEC3 RDATA: empty hash
+#
+
+[custom]
+sections: nsec3
+[nsec3]
+hashlen: 0
+hash: ''