The APLItem constructor should make sure that the address field

is not too long for unknown address families.  [#672]

diff --git a/dns/rdtypes/IN/APL.py b/dns/rdtypes/IN/APL.py
index 5cfdc344416a0c8d2045f2a186fe56b64e8cf0c9..ae94fb24ceadbf7923955e55941aa2b40b0e67a5 100644 (file)
--- a/dns/rdtypes/IN/APL.py
+++ b/dns/rdtypes/IN/APL.py
@@ -43,7 +43,7 @@ class APLItem:
             self.address = dns.rdata.Rdata._as_ipv6_address(address)
             self.prefix = dns.rdata.Rdata._as_int(prefix, 0, 128)
         else:
-            self.address = dns.rdata.Rdata._as_bytes(address)
+            self.address = dns.rdata.Rdata._as_bytes(address, max_length=127)
             self.prefix = dns.rdata.Rdata._as_uint8(prefix)
 
     def __str__(self):

diff --git a/tests/test_rdata.py b/tests/test_rdata.py
index 45ceb29b0f550237559a63e600e88600a2624c62..05ec6caff4de6d12a0f312e2e84936ad3ea5678e 100644 (file)
--- a/tests/test_rdata.py
+++ b/tests/test_rdata.py
@@ -33,6 +33,7 @@ from dns.rdtypes.ANY.OPT import OPT
 from dns.rdtypes.ANY.LOC import LOC
 from dns.rdtypes.ANY.GPOS import GPOS
 import dns.rdtypes.ANY.RRSIG
+import dns.rdtypes.IN.APL
 import dns.rdtypes.util
 import dns.tokenizer
 import dns.ttl
@@ -651,6 +652,13 @@ class RdataTestCase(unittest.TestCase):
         with self.assertRaises(dns.exception.SyntaxError):
             dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.SMIMEA, '1 1 1 aGVsbG8gd29ybGQh')
 
+    def test_bad_APLItem_address_length(self):
+        with self.assertRaises(ValueError):
+            # 9999 is used in as an "unknown" address family.  In the unlikely
+            # event it is ever defined, we should switch the test to another
+            # value.
+            dns.rdtypes.IN.APL.APLItem(9999, False, b'0xff' * 128, 255)
+
     def test_DNSKEY_chunking(self):
         inputs = (  # each with chunking as given by dig, unusual chunking, and no chunking
             # example 1