Test maximum length NSEC3 hash detection

Adds text and wire format unit tests to verify the newly enforced
maximum NSEC3 hash length constraints.  These tests ensure that hash
lengths up to the 39-byte maximum are accepted, while larger sizes
correctly fail.

diff --git a/tests/dns/rdata_test.c b/tests/dns/rdata_test.c
index 01c99623c4c42677774e8498671fc8c4a1d1f704..2f63a7ab4797ad626eb6f772608f9f23cacc24d6 100644 (file)
--- a/tests/dns/rdata_test.c
+++ b/tests/dns/rdata_test.c
@@ -2464,8 +2464,7 @@ ISC_RUN_TEST_IMPL(nsec) {
  * RFC 5155.
  */
 ISC_RUN_TEST_IMPL(nsec3) {
-       text_ok_t text_ok[] = { TEXT_INVALID(""),
-                               TEXT_INVALID("."),
+       text_ok_t text_ok[] = { TEXT_INVALID(""), TEXT_INVALID("."),
                                TEXT_INVALID(". RRSIG"),
                                TEXT_INVALID("1 0 10 76931F"),
                                TEXT_INVALID("1 0 10 76931F "
@@ -2481,9 +2480,38 @@ ISC_RUN_TEST_IMPL(nsec3) {
                                           "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
                                TEXT_VALID("1 0 10 - "
                                           "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
+                               /* 123456789012345678901234567890123456789 */
+                               TEXT_VALID("2 0 10 - "
+                                          "64P36D1L6ORJGE9G64P36D1L6ORJGE9G64P"
+                                          "36D1L6ORJGE9G64P36D1L6ORJGE8"),
+                               /* 1234567890123456789012345678901234567890 */
+                               TEXT_INVALID("2 0 10 - "
+                                            "64P36D1L6ORJGE9G64P36D1L6ORJGE9G6"
+                                            "4P36D1L6ORJGE9G64P36D1L6ORJGE9G"),
                                TEXT_SENTINEL() };
+       wire_ok_t wire_ok[] = {
+               WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00),
+               /* maximal hash */
+               WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x01, 0x02, 0x03,
+                          0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02,
+                          0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01,
+                          0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00,
+                          0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+                          0x09),
+               /* Too big hash */
+               WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x28, 0x01, 0x02,
+                            0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00,
+                            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+                            0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+                            0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04,
+                            0x05, 0x06, 0x07, 0x08, 0x09, 0x00),
+               /*
+                * Sentinel.
+                */
+               WIRE_SENTINEL()
+       };
 
-       check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in,
+       check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
                    dns_rdatatype_nsec3, sizeof(dns_rdata_nsec3_t));
 }