]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 06d8b10)
check that bits 64..71 in a dns64 prefix are zero
authorMark Andrews <marka@isc.org>
Tue, 23 Jul 2019 18:53:13 +0000 (04:53 +1000)
committerMark Andrews <marka@isc.org>
Wed, 31 Jul 2019 11:51:11 +0000 (21:51 +1000)
12 files changed:
bin/tests/system/dns64/conf/bad10.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad11.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad12.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad13.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad14.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad15.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad16.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad17.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad18.conf [new file with mode: 0644] patch | blob
bin/tests/system/dns64/conf/bad19.conf [new file with mode: 0644] patch | blob
doc/arm/Bv9ARM-book.xml patch | blob | blame | history
lib/bind9/check.c patch | blob | blame | history

diff --git a/bin/tests/system/dns64/conf/bad10.conf b/bin/tests/system/dns64/conf/bad10.conf
new file mode 100644 (file)
index 0000000..efd5d20
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad10.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:0100:000f::/96 { };  /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad11.conf b/bin/tests/system/dns64/conf/bad11.conf
new file mode 100644 (file)
index 0000000..0e420a5
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad11.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:0200:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad12.conf b/bin/tests/system/dns64/conf/bad12.conf
new file mode 100644 (file)
index 0000000..539b184
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad12.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:0400:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad13.conf b/bin/tests/system/dns64/conf/bad13.conf
new file mode 100644 (file)
index 0000000..3728ecf
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad13.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:0800:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad14.conf b/bin/tests/system/dns64/conf/bad14.conf
new file mode 100644 (file)
index 0000000..c2ac4f9
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad14.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:1000:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad15.conf b/bin/tests/system/dns64/conf/bad15.conf
new file mode 100644 (file)
index 0000000..357ae80
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad15.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:2000:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad16.conf b/bin/tests/system/dns64/conf/bad16.conf
new file mode 100644 (file)
index 0000000..5e17457
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad16.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:4000:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad17.conf b/bin/tests/system/dns64/conf/bad17.conf
new file mode 100644 (file)
index 0000000..71966d2
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad17.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 0000:0000:0000:0000:8000:000f::/96 { }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad18.conf b/bin/tests/system/dns64/conf/bad18.conf
new file mode 100644 (file)
index 0000000..82fac1a
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad18.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 ::/32 { suffix ::8000:0000:0000:0000; }; /* bits [64..71] MBZ */
+};
diff --git a/bin/tests/system/dns64/conf/bad19.conf b/bin/tests/system/dns64/conf/bad19.conf
new file mode 100644 (file)
index 0000000..79290c1
--- /dev/null
+++ b/bin/tests/system/dns64/conf/bad19.conf
@@ -0,0 +1,3 @@
+options {
+       dns64 ::/32 { suffix ::0100:0000:0000:0000; }; /* bits [64..71] MBZ */
+};
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 706fab661ac13f7dbcb1cffff80563a91642ffac..09dca7f4c1ec8b39d04a9ac2cef8ff54b82d86e4 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5148,7 +5148,9 @@ options {
              </para>
              <para>
                Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
-               64 and 96 as per RFC 6052.
+               64 and 96 as per RFC 6052.  Bits 64..71 inclusive must
+               be zero with the most significate bit of the prefix in
+               position 0.
              </para>
              <para>
                Additionally a reverse IP6.ARPA zone will be created for
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index cae5b9ceb1abbc0c588ca9513da3e785f3acbf62..976235626a8f033ec7c47a0649c3975b4e235c85 100644 (file)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -526,6 +526,13 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
                        continue;
                }
 
+               if (na.type.in6.s6_addr[8] != 0) {
+                       cfg_obj_log(map, logctx, ISC_LOG_ERROR,
+                                "invalid prefix, bits [64..71] must be zero");
+                       result = ISC_R_FAILURE;
+                       continue;
+               }
+
                if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
                    prefixlen != 56 && prefixlen != 64 && prefixlen != 96) {
                        cfg_obj_log(map, logctx, ISC_LOG_ERROR,
Mirror of https://gitlab.isc.org/isc-projects/bind9.git