[v9_9] change 3630 incomplete--needed to check fromtext too

(cherry picked from commit 5f630b9417a01321f73662202e63922eccea5900)

diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c
index 3a22a10f46f6818d6e51ac0850159f0aa40a51ac..aa705cab3684868e1ee41473b02aa96bbd2616ec 100644 (file)
--- a/lib/dns/rdata/generic/dnskey_48.c
+++ b/lib/dns/rdata/generic/dnskey_48.c
@@ -32,6 +32,7 @@
 
 static inline isc_result_t
 fromtext_dnskey(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -67,7 +68,15 @@ fromtext_dnskey(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t

diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index b10bbd528dbd70c05bad21a8fcd9e5df41ebfe46..f55401e1b8acd6bc2c48b50de7e392fd7b7f53de 100644 (file)
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -32,6 +32,7 @@
 
 static inline isc_result_t
 fromtext_key(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -67,7 +68,15 @@ fromtext_key(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t

diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index a3ed8603fefc9645e5a6b05330e20c9c86b4f169..03ad1ed7382f546aafd9bcf7e567f1b45d5af977 100644 (file)
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -25,6 +25,7 @@
 
 static inline isc_result_t
 fromtext_keydata(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -79,7 +80,15 @@ fromtext_keydata(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 19)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t