- Added test for leak of stub information.

git-svn-id: file:///svn/unbound/trunk@4141 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index cdb395287a4ffa2e7d50d45e4db6807adaa00cbd..dde9f66838ecb3584293413950a39e374dd2ada0 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+2 May 2017: Wouter
+       - Added test for leak of stub information.
+
 1 May 2017: Wouter
        - Fix #1259: "--disable-ecdsa" argument overwritten 
          by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".

diff --git a/testcode/replay.c b/testcode/replay.c
index b45bde8067298ce7a43d5c56d3db826d10d863b6..085c314759fdfce287ce41355a67f360f979db85 100644 (file)
--- a/testcode/replay.c
+++ b/testcode/replay.c
@@ -488,6 +488,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno)
                        return scen;
                }
        }
+       log_err("scenario read failed at line %d (no SCENARIO_END?)", *lineno);
        replay_scenario_delete(scen);
        return NULL;
 }

diff --git a/testdata/iter_stub_leak.rpl b/testdata/iter_stub_leak.rpl
new file mode 100644 (file)
index 0000000..2f07340
--- /dev/null
+++ b/testdata/iter_stub_leak.rpl
@@ -0,0 +1,142 @@
+; config options
+server:
+        target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+        name: "."
+       stub-addr: 193.0.14.129
+stub-zone:
+       name: "example.com"
+       stub-addr: 10.0.1.1
+CONFIG_END
+
+SCENARIO_BEGIN Test stub zone leaking to the internet on last resort fallback
+
+; root server
+RANGE_BEGIN 0 100
+       ADDRESS 193.0.14.129
+
+; root prime
+ENTRY_BEGIN
+MATCH
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net. IN A 193.0.14.129
+ENTRY_END
+
+RANGE_END
+
+; stub server for example.com
+RANGE_BEGIN 0 100
+       ADDRESS 10.0.1.1
+
+; subzone is delegated
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+subzone.example.com. IN A
+SECTION AUTHORITY
+subzone.example.com. IN NS sub-ns1.example.com.
+subzone.example.com. IN NS sub-ns2.example.com.
+SECTION ADDITIONAL
+sub-ns1.example.com. IN A 10.0.2.3
+sub-ns2.example.com. IN A 10.0.2.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode question
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub-ns1.example.com. IN A
+SECTION ANSWER
+sub-ns1.example.com. IN A 10.0.2.3
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode question
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub-ns2.example.com. IN A
+SECTION ANSWER
+sub-ns2.example.com. IN A 10.0.2.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode question
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub-ns1.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 300 SOA master.example.com etc 1 2 3 4 300
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode question
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub-ns2.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 300 SOA master.example.com etc 1 2 3 4 300
+ENTRY_END
+
+RANGE_END
+
+; stub server for subzone.example.com
+RANGE_BEGIN 0 100
+       ADDRESS 10.0.2.3
+; match anything, servfail
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+subzone.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; stub server for subzone.example.com
+RANGE_BEGIN 0 100
+       ADDRESS 10.0.2.4
+; match anything, servfail
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+subzone.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+whatever.subzone.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+; the query should not leak subzone ns queries to the internet
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+whatever.subzone.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+ENTRY_END
+
+SCENARIO_END