From: Wouter Wijngaards Date: Thu, 18 Jun 2009 09:31:58 +0000 (+0000) Subject: Fixup parse problem reported by Hauke Lampe. X-Git-Tag: release-1.3.1~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=efcb61fb228718525cd0a85f7ebb303f549c2a4b;p=thirdparty%2Funbound.git Fixup parse problem reported by Hauke Lampe. git-svn-id: file:///svn/unbound/trunk@1669 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index b3e61895e..dddf7b481 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +18 June 2009: Wouter + - Fix of message parse bug where (specifically) an NSEC and RRSIG + in the wrong order would be parsed, but put wrongly into internal + structures so that later validation would fail. + 17 June 2009: Wouter - CREDITS entry for cz.nic, sponsoring a 'summer of code' that was used for the python code in unbound. (http://www.nic.cz/vip/ in cz). diff --git a/testdata/fwddlv_parse.rpl b/testdata/fwddlv_parse.rpl new file mode 100644 index 000000000..875052225 --- /dev/null +++ b/testdata/fwddlv_parse.rpl 
@@ -0,0 +1,131 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" + val-override-date: "20090617133009" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test parse of packet when forwarding and dlv are in use + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +org. IN NS +SECTION AUTHORITY +org. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. (for ORG) +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +org. IN NS +SECTION ANSWER +org. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +dlv.isc.org. IN NS +SECTION AUTHORITY +dlv.isc.org. IN NS ns.org. +SECTION ADDITIONAL +ns.org. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.org for dlv.isc.org +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +dlv.isc.org. IN DNSKEY +SECTION ANSWER +dlv.isc.org. 
5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw== ;{id = 64263 (zsk), size = 1024b} +dlv.isc.org. 5072 IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh ;{id = 19297 (ksk), size = 2048b} +dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 19297 dlv.isc.org. iqGOzsIQKFHcPLbJHLb/kNzcm7TlHiyT4kzTknCjKsC7DCB86YCOhnZZjvZQyA+D0N0KDgNWY8v5czbyX57qR6qORciT2zmPSTGj7CIOe4zrq60n8HzsChKgvk+RSYQrzf6vRfnZhce6Y1waXQd4wh1buPAUw/l46Ovt74ALXzcWSgfMNyx6PBz7rbusuePKeSv0GZL9+M2qhXKe9LJmnzD9uCwnbV/Y5yu+xLfxLdm9q4IKp6Rn50CeHYKf3tO2jI9dkWqFR94XHSTNGfhC02i5UsfP1HRPnk49bX7OMstuuCq9zMX+qTt602MVFYdTSHTy/5+Yw5DvOA9JgOqO4w== ;{id = 19297} +dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 64263 dlv.isc.org. W1KX1PagXsaWWmxkaOfnLetnw1hhSw7ym91S4rSu14QfFbYi5iN9ZkSuKa21M7Do52S9om/2hDllMF7EFfnv9l4e4/rMOc59vKGVojpHOvZyRVhIiMyh1H9NfLTYUovORRvKO0Cnp65gBXspVf1WhzoY3pC1NZ+5pscPWLeD1rw= ;{id = 64263} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com.dlv.isc.org. IN DLV +SECTION ANSWER +SECTION AUTHORITY +dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 +dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. 
S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} +seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} +seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV +ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} +ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com.dlv.isc.org. IN DLV +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NXDOMAIN +SECTION QUESTION +www.example.com.dlv.isc.org. IN DLV +SECTION ANSWER +SECTION AUTHORITY +dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 +dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} +seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV +seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. 
Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} +ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV +ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} +ENTRY_END + +SCENARIO_END diff --git a/util/data/msgparse.c b/util/data/msgparse.c index 91642d56d..f4777c7bc 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c @@ -490,6 +490,8 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname, *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, *rrset_flags, dname, dnamelen, covtype, dclass); + if(!*rrset_prev) /* untwiddle if not found */ + *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX; } if(*rrset_prev) { *prev_dname_first = (*rrset_prev)->dname; @@ -504,9 +506,9 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname, int hasother = 0; /* find matching rrsig */ *hash = pkt_hash_rrset_rest(dname_h, LDNS_RR_TYPE_RRSIG, - dclass, *rrset_flags); + dclass, 0); *rrset_prev = msgparse_hashtable_lookup(msg, pkt, *hash, - *rrset_flags, dname, dnamelen, LDNS_RR_TYPE_RRSIG, + 0, dname, dnamelen, LDNS_RR_TYPE_RRSIG, dclass); if(*rrset_prev && rrset_has_sigover(pkt, *rrset_prev, type, &hasother)) { 
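Review bot: In the @@ -490 hunk of find_rrset, the added `if(!*rrset_prev)` branch restores `*rrset_flags` but leaves `*hash` at the value used for the twiddled lookup. If that hash was computed from the toggled flags, the two out-parameters disagree from this point on; the @@ -504 hunk shows `pkt_hash_rrset_rest` takes the flags as an argument. The function body starts and ends outside the hunk, so `*hash` may well be recomputed before it is used again. If it is, record that in the comment, e.g. `/* untwiddle if not found; *hash is recomputed below */`; otherwise recompute it here. A stale hash paired with restored flags could presumably file a signature set under the wrong key, which is the kind of misplacement the Changelog entry says broke later validation.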
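Review bot: In the @@ -504 hunk, the literal `0` now passed as flags to both `pkt_hash_rrset_rest` and `msgparse_hashtable_lookup` in the "find matching rrsig" search is unexplained. The two calls only find an entry if they agree with the flags that signature-only rrsets are inserted under. A comment above the lookup such as `/* RRSIG-only rrsets are keyed with flags 0, not the flags of the covered type */` would record why `*rrset_flags` must not be used here. That rationale is inferred from the Changelog text, and the insertion path is outside the hunk, so confirm it stores these sets with flags 0 before committing the wording.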
@@ -814,17 +816,17 @@ parse_section(ldns_buffer* pkt, struct msg_parse* msg, ldns_buffer_read(pkt, &dclass, sizeof(dclass)); if(0) { /* debug show what is being parsed. */ - printf("parse of %s(%d)", + fprintf(stderr, "parse of %s(%d)", ldns_rr_descript(type)? ldns_rr_descript(type)->_name: "??", (int)type); - printf(" %s(%d) ", + fprintf(stderr, " %s(%d) ", ldns_lookup_by_id(ldns_rr_classes, (int)ntohs(dclass))?ldns_lookup_by_id( ldns_rr_classes, (int)ntohs(dclass))->name: "??", (int)ntohs(dclass)); - dname_print(stdout, pkt, dname); - printf("\n"); + dname_print(stderr, pkt, dname); + fprintf(stderr, "\n"); } /* see if it is part of an existing RR set */ @@ -842,9 +844,9 @@ parse_section(ldns_buffer* pkt, struct msg_parse* msg, return LDNS_RCODE_SERVFAIL; } else if(0) { - printf("is part of existing: "); - dname_print(stdout, pkt, rrset->dname); - printf(" type %s(%d)\n", + fprintf(stderr, "is part of existing: "); + dname_print(stderr, pkt, rrset->dname); + fprintf(stderr, " type %s(%d)\n", ldns_rr_descript(rrset->type)? ldns_rr_descript(rrset->type)->_name: "??", (int)rrset->type);
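Review bot: Both debug blocks in parse_section stay behind a literal zero: `if(0) { /* debug show what is being parsed. */` in this hunk and `else if(0) {` in the @@ -842 hunk. The output now redirected to stderr can therefore only be switched on by editing the source. A named compile-time guard around each block, e.g. `#ifdef DEBUG_MSGPARSE` (placeholder name), would make the switch explicit and greppable. Add a comment such as `/* prints owner name, type and class as read from the packet; treat the output as untrusted */` so that anyone enabling the trace on a resolver knows the content is sender-controlled. parse_section starts and ends outside both hunks.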