From 77d95a53d0c7cf75cf72583da776307fee1f2516 Mon Sep 17 00:00:00 2001 From: Tom Thorogood Date: Tue, 15 May 2018 04:37:52 +0930 Subject: [PATCH] Handle empty NSEC3 salt in scanner (#677) Fixes #676 --- nsecx_test.go | 8 ++++++++ scan_rr.go | 12 ++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/nsecx_test.go b/nsecx_test.go index f8edd6db..74ebda3f 100644 --- a/nsecx_test.go +++ b/nsecx_test.go @@ -131,3 +131,11 @@ func TestNsec3(t *testing.T) { } } } + +func TestNsec3EmptySalt(t *testing.T) { + rr, _ := NewRR("CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM") + + if !rr.(*NSEC3).Match("com.") { + t.Fatalf("expected record to match com. label") + } +} diff --git a/scan_rr.go b/scan_rr.go index f4ccc842..fb6f95d1 100644 --- a/scan_rr.go +++ b/scan_rr.go @@ -1255,8 +1255,10 @@ func setNSEC3(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) { if len(l.token) == 0 || l.err { return nil, &ParseError{f, "bad NSEC3 Salt", l}, "" } - rr.SaltLength = uint8(len(l.token)) / 2 - rr.Salt = l.token + if l.token != "-" { + rr.SaltLength = uint8(len(l.token)) / 2 + rr.Salt = l.token + } <-c l = <-c @@ -1321,8 +1323,10 @@ func setNSEC3PARAM(h RR_Header, c chan lex, o, f string) (RR, *ParseError, strin rr.Iterations = uint16(i) <-c l = <-c - rr.SaltLength = uint8(len(l.token)) - rr.Salt = l.token + if l.token != "-" { + rr.SaltLength = uint8(len(l.token)) + rr.Salt = l.token + } return rr, nil, "" }