Add system tests that imports invalid SKR file
authorOndřej Surý <ondrej@isc.org>
Sun, 22 Feb 2026 06:27:07 +0000 (07:27 +0100)
committerOndřej Surý (GitLab job 6920948) <ondrej@isc.org>
Tue, 24 Feb 2026 18:45:41 +0000 (18:45 +0000)
Try to import an invalid SKR file and observe whether named is still
alive.  This test only triggers under ASAN.

(cherry picked from commit a82773ea891c54a2cd703b9d5b3d01fdf33912d4)

bin/tests/system/ksr/ns1/named.conf.j2
bin/tests/system/ksr/ns1/setup.sh
bin/tests/system/ksr/tests_ksr.py

index 72830693215ed9022feaf1b6c1eef0f6b62b0bb7..baeebbf81f5ae9fcb4824b85556c5fb56fa81f49 100644 (file)
@@ -93,3 +93,17 @@ dnssec-policy "ksk-roll" {
                zsk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
        };
 };
+
+dnssec-policy "invalid-skr" {
+       offline-ksk yes;
+       keys {
+               ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+               zsk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+       };
+};
+
+zone "invalid-skr.test" {
+       type primary;
+       file "invalid-skr.test.db";
+       dnssec-policy "invalid-skr";
+};
index 2179ab251d39abf8874d28957d4c9916f0007af1..e8c932b39241e63f97b89bea84f9eea36f571017 100644 (file)
@@ -27,3 +27,4 @@ cp template.db.in in-the-middle.test.db
 cp template.db.in unlimited.test.db
 cp template.db.in two-tone.test.db
 cp template.db.in ksk-roll.test.db
+cp template.db.in invalid-skr.test.db
index 3f04f597d4a6156af92bcf5be2386f800c319b59..fd5f17ae4c770685b651faa005e95953e9716964 100644 (file)
@@ -31,6 +31,7 @@ pytestmark = pytest.mark.extra_artifacts(
         "past.test.*",
         "two-tone.test.*",
         "unlimited.test.*",
+        "invalid-skr.test.*",
         "ns1/K*",
         "ns1/_default.nzd",
         "ns1/_default.nzf",
@@ -74,6 +75,11 @@ pytestmark = pytest.mark.extra_artifacts(
         "ns1/unlimited.test.db.signed",
         "ns1/unlimited.test.db.signed.jnl",
         "ns1/unlimited.test.unlimited.skr.1",
+        "ns1/invalid-skr.test.db",
+        "ns1/invalid-skr.test.db.jbk",
+        "ns1/invalid-skr.test.db.signed",
+        "ns1/invalid-skr.test.db.signed.jnl",
+        "ns1/invalid-skr.test.skr.1",
     ]
 )
 
@@ -1289,3 +1295,21 @@ def test_ksr_kskroll(ns1):
     isctest.kasp.check_apex(ns1, zone, ksks, zsks, offline_ksk=True)
     # - check subdomain
     isctest.kasp.check_subdomain(ns1, zone, ksks, zsks, offline_ksk=True)
+
+
+def test_ksr_oversize(ns1):
+    zone = "invalid-skr.test"
+    n = 1
+
+    skr_fname = f"{zone}.skr.{n}"
+    token_len = 5000
+    with open(skr_fname, "w", encoding="utf-8") as skr:
+        huge_token = "A" * token_len
+        skr.write(f";; SignedKeyResponse 1.0 {huge_token}\n")
+
+    # - try importing invalid SKR file
+    shutil.copyfile(skr_fname, f"ns1/{skr_fname}")
+    ns1.rndc(f"skr -import {skr_fname} {zone}")
+
+    # - check if named is still running
+    ns1.rndc("status")
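Review bot: In `test_ksr_oversize` the reply from `ns1.rndc(f"skr -import {skr_fname} {zone}")` is discarded and nothing is asserted about it, so the test only pins that `rndc status` still answers afterwards. A regression in which named accepts the malformed header as a valid SKR would still pass; consider keeping the reply, `response = ns1.rndc(f"skr -import {skr_fname} {zone}")`, and asserting that the import is reported as rejected (the exact wording needs confirming against named's output). The function also has no docstring. One should say that the oversized token after `;; SignedKeyResponse 1.0` targets what is presumably a memory-safety defect in SKR parsing, and that, per the commit message, it is only detectable under ASAN, so a pass on a non-sanitized build is not evidence that the parser is safe. A short comment on `token_len = 5000` naming the parser limit it is meant to exceed would keep the value from silently becoming ineffective if that limit changes.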