From 7318b01e11efedb3dda0453a0ccbd1fd42b062ed Mon Sep 17 00:00:00 2001
From: Tom Sellers <Tom_Sellers@rapid7.com>
Date: Tue, 12 Oct 2021 06:06:29 -0500
Subject: [PATCH] APL: adjust error handling and tests (#1302)

---
 msg_helpers.go      |  6 ++----
 msg_helpers_test.go | 36 ++++++++++++++++++++++++------------
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/msg_helpers.go b/msg_helpers.go
index 5904927c..10754c8b 100644
--- a/msg_helpers.go
+++ b/msg_helpers.go
@@ -781,6 +781,8 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
 	if off+afdlen > len(msg) {
 		return APLPrefix{}, len(msg), &Error{err: "overflow unpacking APL address"}
 	}
+
+	// Address MUST NOT contain trailing zero bytes per RFC3123 Sections 4.1 and 4.2.
 	off += copy(ip, msg[off:off+afdlen])
 	if afdlen > 0 {
 		last := ip[afdlen-1]
@@ -792,10 +794,6 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
 		IP:   ip,
 		Mask: net.CIDRMask(int(prefix), 8*len(ip)),
 	}
-	network := ipnet.IP.Mask(ipnet.Mask)
-	if !network.Equal(ipnet.IP) {
-		return APLPrefix{}, len(msg), &Error{err: "invalid APL address length"}
-	}
 
 	return APLPrefix{
 		Negation: (nlen & 0x80) != 0,
diff --git a/msg_helpers_test.go b/msg_helpers_test.go
index 42b4b027..bd41e245 100644
--- a/msg_helpers_test.go
+++ b/msg_helpers_test.go
@@ -391,34 +391,42 @@ func TestUnpackDataAplPrefix_Errors(t *testing.T) {
 	tests := []struct {
 		name string
 		wire []byte
+		want string
 	}{
 		{
 			"incomplete header",
 			[]byte{0x00, 0x01, 0x18},
+			"dns: overflow unpacking APL prefix",
 		},
 		{
 			"unrecognized family",
 			[]byte{0x00, 0x03, 0x00, 0x00},
+			"dns: unrecognized APL address family",
 		},
 		{
-			"prefix length exceeded",
+			"prefix too large for family IPv4",
 			[]byte{0x00, 0x01, 0x21, 0x04, 192, 0, 2, 0},
+			"dns: APL prefix too long",
 		},
 		{
-			"address with extra byte",
-			[]byte{0x00, 0x01, 0x10, 0x03, 192, 0, 2},
+			"prefix too large for family IPv6",
+			[]byte{0x00, 0x02, 0x81, 0x85, 0x20, 0x01, 0x0d, 0xb8, 0x80},
+			"dns: APL prefix too long",
 		},
 		{
-			"incomplete buffer",
-			[]byte{0x00, 0x01, 0x10, 0x02, 192},
-		},
-		{
-			"extra bits set",
-			[]byte{0x00, 0x01, 22, 0x03, 192, 0, 2},
-		},
-		{
-			"afdlen invalid",
+			"afdlen too long for address family IPv4",
 			[]byte{0x00, 0x01, 22, 0x05, 192, 0, 2, 0, 0},
+			"dns: APL length too long",
+		},
+		{
+			"overflow unpacking APL address",
+			[]byte{0x00, 0x01, 0x10, 0x02, 192},
+			"dns: overflow unpacking APL address",
+		},
+		{
+			"address included trailing zeros",
+			[]byte{0x00, 0x01, 0x10, 0x04, 192, 0, 2, 0},
+			"dns: extra APL address bits",
 		},
 	}
 	for _, tt := range tests {
@@ -427,6 +435,10 @@ func TestUnpackDataAplPrefix_Errors(t *testing.T) {
 			if err == nil {
 				t.Fatal("expected error, got none")
 			}
+
+			if err.Error() != tt.want {
+				t.Errorf("expected %s, got %s", tt.want, err.Error())
+			}
 		})
 	}
 }