[v9_8] change 3630 incomplete--needed to check fromtext too

(cherry picked from commit 5f630b9417a01321f73662202e63922eccea5900)

diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c
index 21d98743465f07d41ec0fb9f00354c2c60ffa35a..d0768eedcabe5fe44747eb671892788f1d38d7b4 100644 (file)
--- a/lib/dns/rdata/generic/dnskey_48.c
+++ b/lib/dns/rdata/generic/dnskey_48.c
@@ -32,6 +32,7 @@
 
 static inline isc_result_t
 fromtext_dnskey(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -67,7 +68,15 @@ fromtext_dnskey(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t

diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index 016e899ba2062698dcfebca6ead6056144583180..1ebf2eea6b2f86091d138e344d13702584790c4a 100644 (file)
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -32,6 +32,7 @@
 
 static inline isc_result_t
 fromtext_key(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -67,7 +68,15 @@ fromtext_key(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t

diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index f4147a1d3721ee74d85beb530b44c8133238bc34..072016191909a993b7f5867e38418dd322a62c28 100644 (file)
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -25,6 +25,7 @@
 
 static inline isc_result_t
 fromtext_keydata(ARGS_FROMTEXT) {
+       isc_result_t result;
        isc_token_t token;
        dns_secalg_t alg;
        dns_secproto_t proto;
@@ -79,7 +80,15 @@ fromtext_keydata(ARGS_FROMTEXT) {
        if ((flags & 0xc000) == 0xc000)
                return (ISC_R_SUCCESS);
 
-       return (isc_base64_tobuffer(lexer, target, -1));
+       result = isc_base64_tobuffer(lexer, target, -1);
+       if (result != ISC_R_SUCCESS)
+               return (result);
+
+       /* Ensure there's at least enough data to compute a key ID for MD5 */
+       if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 19)
+               return (ISC_R_UNEXPECTEDEND);
+
+       return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t