- Fix parse error on negative SOA RRSIGs if badly ordered in the packet.

git-svn-id: file:///svn/unbound/trunk@2573 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index fb3b07534690dbdc9305973e9e9fb982983b97e0..8ea7996d893b0df15b92c1406480405fbe61082f 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 15 December 2011: Wouter
        - remove uninit warning from cachedump code.
+       - Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
 
 13 December 2011: Wouter
        - iana portlist updated.

diff --git a/testcode/unitmsgparse.c b/testcode/unitmsgparse.c
index 9fadfc88840b0cb4cf877766a8bc9c1991d02b3a..434239507b4743698c4ae554c4f9aa5146f5862b 100644 (file)
--- a/testcode/unitmsgparse.c
+++ b/testcode/unitmsgparse.c
@@ -59,6 +59,8 @@ static int check_formerr_gone = 0;
 static int matches_nolocation = 0;
 /** see if RRSIGs are properly matched to RRsets. */
 static int check_rrsigs = 0;
+/** do not check buffer sameness */
+static int check_nosameness = 0;
 
 /** match two rr lists */
 static int
@@ -431,7 +433,8 @@ testpkt(ldns_buffer* pkt, struct alloc_cache* alloc, ldns_buffer* out,
                if(vbmp) printf("inlen %u outlen %u\n", 
                        (unsigned)ldns_buffer_limit(pkt),
                        (unsigned)ldns_buffer_limit(out));
-               test_buffers(pkt, out);
+               if(!check_nosameness)
+                       test_buffers(pkt, out);
                if(check_rrsigs)
                        check_the_rrsigs(&qi, rep);
 
@@ -607,6 +610,12 @@ void msgparse_test(void)
        testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.8");
        check_formerr_gone = 0;
 
+       check_rrsigs = 1;
+       check_nosameness = 1;
+       testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.9");
+       check_nosameness = 0;
+       check_rrsigs = 0;
+
        /* cleanup */
        alloc_clear(&alloc);
        alloc_clear(&super_a);

diff --git a/testdata/test_packets.9 b/testdata/test_packets.9
new file mode 100644 (file)
index 0000000..72dbac0
--- /dev/null
+++ b/testdata/test_packets.9
@@ -0,0 +1,23 @@
+; Test that RRSIG(SOA) is matched with the SOA record.
+; Test that FORMERR no longer happens.
+; This is output from the PowerDNS online signer.
+;
+;-- next packet --
+E2C084000001000000040
+0010E686F74656C6C73616E746961676F02736500000F0001C00C0006000100000E10002C036E733
+30662696E65726FC01B087265676973747279C0334EDFD75C0000A8C000000E1000093A8000000E1
+02075616D326963717673707635356136746A306C6C32336B71376E766D666E6136C00C003200010
+0001C2000240100000101AB14D7425114B28CE784C3A3D9B8FC5D920A8D7B5570000762000000000
+290C00C002E000100001C2000A50006080200001C204EE938804ED6C38085F80E686F74656C6C736
+16E746961676F02736500442DF70F92FCFDF5F5D3560194FCDE01B91CE6AC00910CDDA550F985C84
+F4FA1FD8DFD
+957F4382C276FD26E5A
+3C10C494DCB6D0132F930595A0901D4E0616679EA426F7D45A683CA7236F8532C1E3B3B82EF6B0C0
+2E43999F8B8FF0B001968E10AFAEFA7774FC003ED0E43DDEA776596AFD91DADECA5AD505107F97AC
+467264EC05B002E000100001C2000A50032080300001C204EE938804ED6C38085F80E686F74656C6
+C73616E746961676F027365000D4700DE3055046F2CC0529307903D40FEFC7ECFF29BB5B6B7427EB
+11B06669605B1ADFC070DAF801FB3EB59446F6C7BE5D4BC7C725BFEF2F5F416BCC8A090692F5CE76
+85923DD102677C9224E69FF10167EF8C0EC18070E986E9F0266C7CBB3270A9CD6C562157EC1074B6
+F48553DD58BBE
+12A63202C9A1DB7DA5F8560849580000295800000080000000
+

diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index adf7065e35d18d25c58f0e3b27cb8ea972ccb1c7..a03f543e827b5c656969ee9ea329cbeea1fa4ca4 100644 (file)
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -504,6 +504,17 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
                        if(!*rrset_prev) /* untwiddle if not found */
                                *rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX;
                }
+               if(!*rrset_prev && covtype == LDNS_RR_TYPE_SOA) {
+                       /* if SOA try with SOA neg flag twiddled */
+                       *rrset_flags ^= PACKED_RRSET_SOA_NEG;
+                       *hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, 
+                               *rrset_flags);
+                       *rrset_prev = msgparse_hashtable_lookup(msg, pkt, 
+                               *hash, *rrset_flags, dname, dnamelen, covtype, 
+                               dclass);
+                       if(!*rrset_prev) /* untwiddle if not found */
+                               *rrset_flags ^= PACKED_RRSET_SOA_NEG;
+               }
                if(*rrset_prev) {
                        *prev_dname_first = (*rrset_prev)->dname;
                        *prev_dname_last = dname;