Skip to content

Commit bed96f6

Browse files
committed
Fix TSIG record signature length and max length violation
Closes #355
1 parent c32a9b9 commit bed96f6

2 files changed

Lines changed: 19 additions & 1 deletion

File tree

src/main/java/org/xbill/DNS/TSIG.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -859,7 +859,8 @@ public int recordLength() {
859859
+ 10
860860
+ alg.length()
861861
+ 8 // time signed, fudge
862-
+ 18 // 2 byte MAC length, 16 byte MAC
862+
+ 2 // 2 byte MAC length
863+
+ algLengthMap.get(alg)
863864
+ 4 // original id, error
864865
+ 8; // 2 byte error length, 6 byte max error field.
865866
}

src/test/java/org/xbill/DNS/TSIGTest.java

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -457,6 +457,23 @@ void testFromTcpStream() throws IOException {
457457
}
458458
}
459459

460+
@Test
461+
void testLargeMessageIsNotLargerThanMax() {
462+
Update update = new Update(Name.fromConstantString("zone.example.com."));
463+
for (int i = 0; i < 3000; i++) {
464+
TXTRecord record =
465+
new TXTRecord(
466+
Name.fromConstantString("name-" + i + ".zone.example.com."), DClass.IN, 900, "a");
467+
update.absent(record.name, record.type);
468+
update.add(record);
469+
}
470+
471+
TSIG tsigKey = new TSIG(TSIG.HMAC_SHA384, "zone.example.com.", "c2VjcmU=");
472+
update.setTSIG(tsigKey);
473+
byte[] wireData = update.toWire(Message.MAXLENGTH);
474+
assertThat(wireData.length).isLessThan(Message.MAXLENGTH);
475+
}
476+
460477
@Test
461478
void testAxfrLastNotSignedError() throws Exception {
462479
Name name = Name.fromConstantString("example.com.");

0 commit comments

Comments
 (0)