Fix TSIG record signature length and max length violation

ibauersachs · ibauersachs · commit bed96f60d550 · 2024-12-15T18:22:35.000+01:00
Closes #355
diff --git a/src/main/java/org/xbill/DNS/TSIG.java b/src/main/java/org/xbill/DNS/TSIG.java
@@ -859,7 +859,8 @@ public int recordLength() {
         + 10
         + alg.length()
         + 8 // time signed, fudge
-        + 18 // 2 byte MAC length, 16 byte MAC
+        + 2 // 2 byte MAC length
+        + algLengthMap.get(alg)
         + 4 // original id, error
         + 8; // 2 byte error length, 6 byte max error field.
   }
diff --git a/src/test/java/org/xbill/DNS/TSIGTest.java b/src/test/java/org/xbill/DNS/TSIGTest.java
@@ -457,6 +457,23 @@ void testFromTcpStream() throws IOException {
     }
   }
 
+  @Test
+  void testLargeMessageIsNotLargerThanMax() {
+    Update update = new Update(Name.fromConstantString("zone.example.com."));
+    for (int i = 0; i < 3000; i++) {
+      TXTRecord record =
+          new TXTRecord(
+              Name.fromConstantString("name-" + i + ".zone.example.com."), DClass.IN, 900, "a");
+      update.absent(record.name, record.type);
+      update.add(record);
+    }
+
+    TSIG tsigKey = new TSIG(TSIG.HMAC_SHA384, "zone.example.com.", "c2VjcmU=");
+    update.setTSIG(tsigKey);
+    byte[] wireData = update.toWire(Message.MAXLENGTH);
+    assertThat(wireData.length).isLessThan(Message.MAXLENGTH);
+  }
+
   @Test
   void testAxfrLastNotSignedError() throws Exception {
     Name name = Name.fromConstantString("example.com.");
