Tighten DBC restrictions on message sections

dns_message_findname and dns_message_sectiontotext incorrectly accepted
DNS_SECTION_ANY.  If DNS_SECTION_ANY was passed the section array could
be incorrectly accessed at (-1).

dns_message_pseudosectiontotext and dns_message_pseudosectiontoyaml
incorrectly accepted DNS_PSEUDOSECTION_ANY.  These functions are
designed to process a single section.

lib/dns/include/dns/message.h

@@ -434,7 +434,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
  *
  *\li	'target' is a valid buffer.
  *
- *\li	'section' is a valid section label.
+ *\li	'section' is a named section label.
  *
  * Ensures:
  *
@@ -806,7 +806,7 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
  * Requires:
  *\li	'msg' be valid.
  *
- *\li	'section' be a valid section.
+ *\li	'section' be a named section.
  *
  *\li	If a pointer to the name is desired, 'foundname' should be non-NULL.
  *	If it is non-NULL, '*foundname' MUST be NULL.

lib/dns/message.c

@@ -97,6 +97,8 @@ hexdump(const char *msg, const char *msg2, void *base, size_t len) {
 		} else                                            \
 			isc_buffer_putstr(b, s);                  \
 	}
+#define VALID_NAMED_PSEUDOSECTION(s) \
+	(((s) > DNS_PSEUDOSECTION_ANY) && ((s) < DNS_PSEUDOSECTION_MAX))
 #define VALID_PSEUDOSECTION(s) \
 	(((s) >= DNS_PSEUDOSECTION_ANY) && ((s) < DNS_PSEUDOSECTION_MAX))
 
@@ -2452,7 +2454,7 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
 	 * to be filled in, that we can in fact fill it in.
 	 */
 	REQUIRE(msg != NULL);
-	REQUIRE(VALID_SECTION(section));
+	REQUIRE(VALID_NAMED_SECTION(section));
 	REQUIRE(target != NULL);
 	REQUIRE(name == NULL || *name == NULL);
 
@@ -3302,7 +3304,7 @@ dns_message_sectiontotext(dns_message_t *msg, dns_section_t section,
 
 	REQUIRE(DNS_MESSAGE_VALID(msg));
 	REQUIRE(target != NULL);
-	REQUIRE(VALID_SECTION(section));
+	REQUIRE(VALID_NAMED_SECTION(section));
 
 	saved_count = msg->indent.count;
 
@@ -3518,7 +3520,7 @@ dns_message_pseudosectiontoyaml(dns_message_t *msg, dns_pseudosection_t section,
 
 	REQUIRE(DNS_MESSAGE_VALID(msg));
 	REQUIRE(target != NULL);
-	REQUIRE(VALID_PSEUDOSECTION(section));
+	REQUIRE(VALID_NAMED_PSEUDOSECTION(section));
 
 	saved_count = msg->indent.count;
 
@@ -3882,7 +3884,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg, dns_pseudosection_t section,
 
 	REQUIRE(DNS_MESSAGE_VALID(msg));
 	REQUIRE(target != NULL);
-	REQUIRE(VALID_PSEUDOSECTION(section));
+	REQUIRE(VALID_NAMED_PSEUDOSECTION(section));
 
 	if ((dns_master_styleflags(style) & DNS_STYLEFLAG_YAML) != 0) {
 		return (dns_message_pseudosectiontoyaml(msg, section, style,