From 182a34004c7c48e2c1626f3ce7e787f413955126 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 17 Apr 2003 03:43:35 +0000
Subject: [PATCH] 1463.   [bug]           dns_rdata_from{wire,struct}() failed
 to catch bad                         NXT bit maps. [RT #5577]

---
 CHANGES                        |  3 +++
 lib/dns/include/dns/result.h   |  5 +++--
 lib/dns/rdata/generic/nxt_30.c | 12 ++++++++----
 lib/dns/result.c               |  5 +++--
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1b3f79c2d4..dbc9e91a91 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1463.	[bug]		dns_rdata_from{wire,struct}() failed to catch bad
+			NXT bit maps. [RT #5577]
+
 1462.	[bug]		parse_sizeval() failed to check the token type.
 			[RT #5586]
 
diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h
index 64c6304b9a..40419c2d7f 100644
--- a/lib/dns/include/dns/result.h
+++ b/lib/dns/include/dns/result.h
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.h,v 1.97 2003/02/27 00:19:04 marka Exp $ */
+/* $Id: result.h,v 1.98 2003/04/17 03:43:35 marka Exp $ */
 
 #ifndef DNS_RESULT_H
 #define DNS_RESULT_H 1
@@ -135,8 +135,9 @@
 #define DNS_R_CHASEDSSERVERS		(ISC_RESULTCLASS_DNS + 91)
 #define DNS_R_EMPTYNAME			(ISC_RESULTCLASS_DNS + 92)
 #define DNS_R_EMPTYWILD			(ISC_RESULTCLASS_DNS + 93)
+#define DNS_R_BADBITMAP			(ISC_RESULTCLASS_DNS + 94)
 
-#define DNS_R_NRESULTS			94	/* Number of results */
+#define DNS_R_NRESULTS			95	/* Number of results */
 
 /*
  * DNS wire format rcodes.
diff --git a/lib/dns/rdata/generic/nxt_30.c b/lib/dns/rdata/generic/nxt_30.c
index ae757aecc2..e96dd1297b 100644
--- a/lib/dns/rdata/generic/nxt_30.c
+++ b/lib/dns/rdata/generic/nxt_30.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nxt_30.c,v 1.55 2002/02/20 03:34:54 marka Exp $ */
+/* $Id: nxt_30.c,v 1.56 2003/04/17 03:43:35 marka Exp $ */
 
 /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */
 
@@ -142,9 +142,9 @@ fromwire_nxt(ARGS_FROMWIRE) {
 	RETERR(dns_name_fromwire(&name, source, dctx, downcase, target));
 
 	isc_buffer_activeregion(source, &sr);
-	/* XXXRTH  Enforce RFC 2535 length rules if bit 0 is not set. */
-	if (sr.length > 8 * 1024)
-		return (DNS_R_EXTRADATA);
+	if (sr.length > 0 && (sr.base[0] & 0x80) == 0 &&
+	    ((sr.length > 16) || sr.base[sr.length - 1] == 0))
+		return (DNS_R_BADBITMAP);
 	RETERR(mem_tobuffer(target, sr.base, sr.length));
 	isc_buffer_forward(source, sr.length);
 	return (ISC_R_SUCCESS);
@@ -206,6 +206,10 @@ fromstruct_nxt(ARGS_FROMSTRUCT) {
 	REQUIRE(nxt->common.rdtype == type);
 	REQUIRE(nxt->common.rdclass == rdclass);
 	REQUIRE(nxt->typebits != NULL || nxt->len == 0);
+	if (nxt->typebits != NULL && (nxt->typebits[0] & 0x80) == 0) {
+		REQUIRE(nxt->len <= 16);
+		REQUIRE(nxt->typebits[nxt->len - 1] != 0);
+	}
 
 	UNUSED(type);
 	UNUSED(rdclass);
diff --git a/lib/dns/result.c b/lib/dns/result.c
index 02055bd0bf..0078afe4ff 100644
--- a/lib/dns/result.c
+++ b/lib/dns/result.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.107 2003/02/27 00:19:03 marka Exp $ */
+/* $Id: result.c,v 1.108 2003/04/17 03:43:35 marka Exp $ */
 
 #include <config.h>
 
@@ -141,7 +141,8 @@ static const char *text[DNS_R_NRESULTS] = {
 	"unexpected OPCODE",		       /* 90 DNS_R_UNEXPECTEDOPCODE  */
 	"chase DS servers",		       /* 91 DNS_R_CHASEDSSERVERS    */
 	"empty name",			       /* 92 DNS_R_EMPTYNAME	     */
-	"empty wild"			       /* 93 DNS_R_EMPTYWILD	     */
+	"empty wild",			       /* 93 DNS_R_EMPTYWILD	     */
+	"bad bitmap"			       /* 94 DNS_R_BADBITMAP	     */
 };
 
 static const char *rcode_text[DNS_R_NRCODERESULTS] = {