From: Ondřej Surý Date: Thu, 7 Nov 2019 09:26:04 +0000 (+0100) Subject: Fix the get_keyids() usage as it could return multiple key ids X-Git-Tag: v9.15.6~24^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88bfce0993cfccc1e306a962c4902d756bcd1b08;p=thirdparty%2Fbind9.git Fix the get_keyids() usage as it could return multiple key ids The get_keyids() function can return multiple keyids, when the return value was not quoted, only the first keyid would be checked with check_key() function. This MR fixes both the error that came with quoting the "$id" with value "12345 54321", and the code now checks all returned keyids. --- diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 8fede0f1128..f1cfb25b7ea 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -135,7 +135,7 @@ get_keyids() { _end=".key" if [ "$_algorithm" -ne 0 ]; then - find "${_dir}" -mindepth 1 -maxdepth 1 -name "${_start}*${_end}" | sed "s/$_dir\/K${_zone}.+${_algorithm}+\([0-9]\{5\}\)${_end}/\1/" + find "${_dir}" -mindepth 1 -maxdepth 1 -name "${_start}*${_end}" | sed "s,$_dir/K${_zone}.+${_algorithm}+\([0-9]\{5\}\)${_end},\1," fi } @@ -245,7 +245,7 @@ check_key() { _dir="$DIR" _zone="$ZONE" _role=$(key_get "$1" ROLE) - _key_idpad=$2 + _key_idpad="$2" _key_id=$(echo "$_key_idpad" | sed 's/^0*//') _alg_num=$(key_get "$1" ALG_NUM) _alg_numpad=$(printf "%03d" "$_alg_num") @@ -288,7 +288,7 @@ check_key() { PRIVATE_FILE="${BASE_FILE}.private" STATE_FILE="${BASE_FILE}.state" KEY_ID="${_key_id}" - + test $_log -eq 1 && echo_i "check key $BASE_FILE" # Check the public key file. 
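Review bot: In the get_keyids() hunk (-135), the rewritten `sed` still prints every input line that does not match the pattern unchanged, so a path from `find` that does not fit `K<zone>.+<alg>+<5 digits>.key` would be handed to callers as if it were a key id. Running it as `sed -n "s,$_dir/K${_zone}.+${_algorithm}+\([0-9]\{5\}\)${_end},\1,p"` emits only the extracted ids. `$_dir` and `${_zone}` are also interpolated into the expression unescaped, so a comma in the directory would now break it the way a slash did before; a short comment stating that the helper assumes test-controlled paths would make that explicit. The function begins above the hunk, so `_start` and the other locals are not visible here.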
@@ -477,8 +477,10 @@ _log=0
 key_properties "KEY1" "csk" "31536000" "13" "ECDSAP256SHA256" "256" "yes" "yes"
 key_timings "KEY1" "none" "none" "none" "none" "none"
 key_states "KEY1" "none" "none" "none" "none" "none"
-id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
-check_key "KEY1" "$id"
+ids=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
+for id in $ids; do
+ check_key "KEY1" "$id"
+done
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 # Check the other algorithm.
@@ -522,8 +524,10 @@ key_states "KEY1" "none" "none" "none" "none" "none"
 $KEYGEN -k "$POLICY" "$ZONE" > "keygen.out.$POLICY.test$n" 2>/dev/null || ret=1
 lines=$(wc -l < "keygen.out.default.test$n")
 test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines"
-id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
-check_key "KEY1" "$id"
+ids=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
+for id in $ids; do
+ check_key "KEY1" "$id"
+done
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
@@ -537,8 +541,10 @@ key_states "KEY1" "none" "none" "none" "none" "none"
 $KEYGEN -k "$POLICY" "$ZONE" > "keygen.out.$POLICY.test$n" 2>/dev/null || ret=1
 lines=$(wc -l < "keygen.out.$POLICY.test$n")
 test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines"
-id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
-check_key "KEY1" "$id"
+ids=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
+for id in $ids; do
+ check_key "KEY1" "$id"
+done
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
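Review bot: The new `for id in $ids` loop at -477 runs zero times when get_keyids() prints nothing, so `ret` stays 0 and the test passes without any key having been checked; the old code at least called `check_key "KEY1" "$id"` once with an empty id. The same loop is added at -522, -537 and -640, and the last of those is the "check key is created" test, which shows no key-count assertion in its hunk. A guard before each loop, `test -n "$ids" || ret=1`, keeps a missing key a failure. The unquoted `$ids` is deliberate word splitting, and a one-line comment such as `# get_keyids may return several ids; split on whitespace` would stop someone re-quoting it later.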
@@ -640,8 +646,10 @@ key_states "KEY1" "omnipresent" "rumoured" "rumoured" "rumoured" "hidden"
 n=$((n+1))
 echo_i "check key is created for zone ${ZONE} ($n)"
 ret=0
-id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
-check_key "KEY1" "$id"
+ids=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)")
+for id in $ids; do
+ check_key "KEY1" "$id"
+done
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))