From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 15 Dec 2011 13:37:13 +0000 (+0000)
Subject: - Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
X-Git-Tag: release-1.4.14~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65ad15da56db55257620cc80f475b3455b9f581c;p=thirdparty%2Funbound.git

- Fix parse error on negative SOA RRSIGs if badly ordered in the packet.


git-svn-id: file:///svn/unbound/trunk@2573 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index fb3b07534..8ea7996d8 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 15 December 2011: Wouter
 	- remove uninit warning from cachedump code.
+	- Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
 
 13 December 2011: Wouter
 	- iana portlist updated.
diff --git a/testcode/unitmsgparse.c b/testcode/unitmsgparse.c
index 9fadfc888..434239507 100644
--- a/testcode/unitmsgparse.c
+++ b/testcode/unitmsgparse.c
@@ -59,6 +59,8 @@ static int check_formerr_gone = 0;
 static int matches_nolocation = 0;
 /** see if RRSIGs are properly matched to RRsets. */
 static int check_rrsigs = 0;
+/** do not check buffer sameness */
+static int check_nosameness = 0;
 
 /** match two rr lists */
 static int
@@ -431,7 +433,8 @@ testpkt(ldns_buffer* pkt, struct alloc_cache* alloc, ldns_buffer* out,
 		if(vbmp) printf("inlen %u outlen %u\n", 
 			(unsigned)ldns_buffer_limit(pkt),
 			(unsigned)ldns_buffer_limit(out));
-		test_buffers(pkt, out);
+		if(!check_nosameness)
+			test_buffers(pkt, out);
 		if(check_rrsigs)
 			check_the_rrsigs(&qi, rep);
 
@@ -607,6 +610,12 @@ void msgparse_test(void)
 	testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.8");
 	check_formerr_gone = 0;
 
+	check_rrsigs = 1;
+	check_nosameness = 1;
+	testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.9");
+	check_nosameness = 0;
+	check_rrsigs = 0;
+
 	/* cleanup */
 	alloc_clear(&alloc);
 	alloc_clear(&super_a);
diff --git a/testdata/test_packets.9 b/testdata/test_packets.9
new file mode 100644
index 000000000..72dbac05e
--- /dev/null
+++ b/testdata/test_packets.9
@@ -0,0 +1,23 @@
+; Test that RRSIG(SOA) is matched with the SOA record.
+; Test that FORMERR no longer happens.
+; This is output from the PowerDNS online signer.
+;
+;-- next packet --
+E2C084000001000000040
+0010E686F74656C6C73616E746961676F02736500000F0001C00C0006000100000E10002C036E733
+30662696E65726FC01B087265676973747279C0334EDFD75C0000A8C000000E1000093A8000000E1
+02075616D326963717673707635356136746A306C6C32336B71376E766D666E6136C00C003200010
+0001C2000240100000101AB14D7425114B28CE784C3A3D9B8FC5D920A8D7B5570000762000000000
+290C00C002E000100001C2000A50006080200001C204EE938804ED6C38085F80E686F74656C6C736
+16E746961676F02736500442DF70F92FCFDF5F5D3560194FCDE01B91CE6AC00910CDDA550F985C84
+F4FA1FD8DFD
+957F4382C276FD26E5A
+3C10C494DCB6D0132F930595A0901D4E0616679EA426F7D45A683CA7236F8532C1E3B3B82EF6B0C0
+2E43999F8B8FF0B001968E10AFAEFA7774FC003ED0E43DDEA776596AFD91DADECA5AD505107F97AC
+467264EC05B002E000100001C2000A50032080300001C204EE938804ED6C38085F80E686F74656C6
+C73616E746961676F027365000D4700DE3055046F2CC0529307903D40FEFC7ECFF29BB5B6B7427EB
+11B06669605B1ADFC070DAF801FB3EB59446F6C7BE5D4BC7C725BFEF2F5F416BCC8A090692F5CE76
+85923DD102677C9224E69FF10167EF8C0EC18070E986E9F0266C7CBB3270A9CD6C562157EC1074B6
+F48553DD58BBE
+12A63202C9A1DB7DA5F8560849580000295800000080000000
+
diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index adf7065e3..a03f543e8 100644
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -504,6 +504,17 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
 			if(!*rrset_prev) /* untwiddle if not found */
 				*rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX;
 		}
+		if(!*rrset_prev && covtype == LDNS_RR_TYPE_SOA) {
+			/* if SOA try with SOA neg flag twiddled */
+			*rrset_flags ^= PACKED_RRSET_SOA_NEG;
+			*hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, 
+				*rrset_flags);
+			*rrset_prev = msgparse_hashtable_lookup(msg, pkt, 
+				*hash, *rrset_flags, dname, dnamelen, covtype, 
+				dclass);
+			if(!*rrset_prev) /* untwiddle if not found */
+				*rrset_flags ^= PACKED_RRSET_SOA_NEG;
+		}
 		if(*rrset_prev) {
 			*prev_dname_first = (*rrset_prev)->dname;
 			*prev_dname_last = dname;