Fix off-by-one in look checks for QName iterators. (#33273)
Unit test sizes for the string `test` were off by one which
masked a off-by-one comparison in QName handling.
Update unit test and comparisons. This will disallow
backward references to "self" for qnames.
Co-authored-by: Andrei Litvin <andreilitvin@google.com>
diff --git a/src/lib/dnssd/minimal_mdns/core/QName.cpp b/src/lib/dnssd/minimal_mdns/core/QName.cpp
index 2cc6488..880c9ea 100644
--- a/src/lib/dnssd/minimal_mdns/core/QName.cpp
+++ b/src/lib/dnssd/minimal_mdns/core/QName.cpp
@@ -61,7 +61,7 @@
}
size_t offset = static_cast<size_t>(((*mCurrentPosition & 0x3F) << 8) | *(mCurrentPosition + 1));
- if (offset > mLookBehindMax)
+ if (offset >= mLookBehindMax)
{
// Potential infinite recursion.
mIsValid = false;
diff --git a/src/lib/dnssd/minimal_mdns/core/tests/TestQName.cpp b/src/lib/dnssd/minimal_mdns/core/tests/TestQName.cpp
index 5f430bd..46c0b51 100644
--- a/src/lib/dnssd/minimal_mdns/core/tests/TestQName.cpp
+++ b/src/lib/dnssd/minimal_mdns/core/tests/TestQName.cpp
@@ -135,7 +135,7 @@
{
// Infinite recursion
- static const uint8_t kData[] = "\03test\xc0\x00";
+ static const uint8_t kData[] = "\04test\xc0\x00";
SerializedQNameIterator it = AsSerializedQName(kData);
EXPECT_TRUE(it.Next());
@@ -145,7 +145,7 @@
{
// Infinite recursion by referencing own element (inside the stream)
- static const uint8_t kData[] = "\03test\xc0\x05";
+ static const uint8_t kData[] = "\04test\xc0\x05";
SerializedQNameIterator it = AsSerializedQName(kData);
EXPECT_TRUE(it.Next());
@@ -164,7 +164,7 @@
{
// Reference that goes forwad instead of backward
- static const uint8_t kData[] = "\03test\xc0\x07";
+ static const uint8_t kData[] = "\04test\xc0\x07";
SerializedQNameIterator it = AsSerializedQName(kData);
EXPECT_TRUE(it.Next());