From: Mark Andrews
Date: Fri, 31 Jul 2020 10:36:14 +0000 (+1000)
Subject: Check rcode is FORMERR
X-Git-Tag: v9.17.4~15^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88ff6b846c652ea903913d58787fb4fe4c82ab91;p=thirdparty%2Fbind9.git
Check rcode is FORMERR
---
diff --git a/bin/tests/system/packet.pl b/bin/tests/system/packet.pl
index 4cf1a775c16..30500630ec1 100644
--- a/bin/tests/system/packet.pl
+++ b/bin/tests/system/packet.pl
@@ -46,12 +46,12 @@ use IO::File;
 use IO::Socket;
 sub usage {
- print ("Usage: packet.pl [-a address] [-p port] [-t (tcp|udp)] [file]\n");
+ print ("Usage: packet.pl [-a address] [-p port] [-t (tcp|udp)] -d [file]\n");
 exit 1;
 }
 my %options={};
-getopts("a:p:t:", \%options);
+getopts("a:dp:t:", \%options);
 my $addr = "127.0.0.1";
 $addr = $options{a} if defined $options{a};
@@ -96,5 +96,38 @@ if ($proto eq "udp") {
 }
 print ("sent $bytes bytes to $addr:$port\n");
+if (defined $options{d}) {
+ use Net::DNS;
+ use Net::DNS::Packet;
+
+ my $rin;
+ my $rout;
+ $rin = '';
+ vec($rin, fileno($sock), 1) = 1;
+ select($rout = $rin, undef, undef, 1);
+ if (vec($rout, fileno($sock), 1)) {{
+ my $buf;
+ if ($proto eq "udp") {
+ $sock->recv($buf, 512);
+ } else {
+ my $n = $sock->sysread($buf, 2);
+ last unless $n == 2;
+ my $len = unpack("n", $buf);
+ $n = $sock->sysread($buf, $len);
+ last unless $n == $len;
+ }
+
+ my $response;
+ if ($Net::DNS::VERSION > 0.68) {
+ $response = new Net::DNS::Packet(\$buf, 0);
+ $@ and die $@;
+ } else {
+ my $err;
+ ($response, $err) = new Net::DNS::Packet(\$buf, 0);
+ $err and die $err;
+ }
+ $response->print;
+ }}
+}
 $sock->close;
 close $file;
diff --git a/bin/tests/system/tsig/badlocation b/bin/tests/system/tsig/badlocation
new file mode 100644
index 00000000000..44774236442
--- /dev/null
+++ b/bin/tests/system/tsig/badlocation
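Review bot: The new usage string in `usage` prints `-d` without brackets, which reads as a required flag, although the `getopts("a:dp:t:", ...)` spec and the later `if (defined $options{d})` treat it as an optional switch. I would write it as `[-d]`, i.e. `print ("Usage: packet.pl [-a address] [-p port] [-t (tcp|udp)] [-d] [file]\n");`, and add a one-line comment above `getopts` saying that `-d` waits for the reply and prints it decoded.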
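Review bot: `use Net::DNS;` and `use Net::DNS::Packet;` inside `if (defined $options{d})` are still executed at compile time, so packet.pl now fails to start on a host without Net::DNS even when `-d` is not given; the probe added in tsig/tests.sh only protects the new test, not any other caller of the script. Loading the modules at run time keeps the dependency optional: `require Net::DNS; require Net::DNS::Packet;`, together with `Net::DNS::Packet->new(\$buf, 0)` in place of the indirect-object `new Net::DNS::Packet(...)`, which Perl parses heuristically. Separately, the return value of `$sock->recv($buf, 512)` is not checked, and a select() timeout or a short TCP `sysread` leaves the block silently, so a missing or truncated reply reaches the test only as an empty packet.out; a `warn` on those paths would make such failures diagnosable.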
@@ -0,0 +1,37 @@
+# Transaction ID
+1122
+# Standard query
+0000
+# Questions: 1, Additional: 1
+0001 0000 0001 0000
+# QNAME: isc.org
+03 69 73 63 03 6F 72 67 00
+# Type: A (Host Address)
+0001
+# Class: IN
+0001
+# Specially crafted TSIG Resource Record
+# Name: "sha256"
+06 73 68 61 32 35 36 00
+# Type: TSIG (Transaction Signature)
+00fa
+# Class: ANY
+00ff
+# TTL: 0
+00000000
+# RdLen: 29
+001d
+# Algorithm Name: hmac-sha256
+0b 68 6D 61 63 2D 73 68 61 32 35 36 00
+# Time Signed: Jan 1, 1970 01:00:00.000000000 CET
+00 00 00 00 00 00
+# Fudge: 300
+012c
+# MAC Size: 0; MAC: empty
+0000
+# Original ID: 0
+0000
+# Error: no error
+0000
+# Other Data Length: 0
+0000
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
index 38505bcaf62..c7f0e3a4405 100644
--- a/bin/tests/system/tsig/clean.sh
+++ b/bin/tests/system/tsig/clean.sh
@@ -21,3 +21,4 @@ rm -f ns*/named.lock
 rm -f Kexample.net.*
 rm -f keygen.out?
 rm -f ns*/managed-keys.bind*
+rm -f packet.out
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index 132fd7a24da..d48eea11c61 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -221,5 +221,17 @@ if [ $ret -eq 1 ] ; then
 echo_i "failed"; status=1
 fi
+if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet;' > /dev/null 2>&1
+then
+ echo_i "check that TSIG in the wrong place returns FORMERR"
+ ret=0
+ $PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t udp -d < badlocation > packet.out
+ grep "rcode = FORMERR" packet.out > /dev/null || ret=1
+ if [ $ret -eq 1 ] ; then
+ echo_i "failed"; status=1
+ fi
+fi
+
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/util/copyrights b/util/copyrights
index 00608021d93..d50730d93ed 100644
--- a/util/copyrights
+++ b/util/copyrights
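Review bot: The comment `# Questions: 1, Additional: 1` does not match the bytes under it: `0001 0000 0001 0000` is QDCOUNT=1, ANCOUNT=0, NSCOUNT=1, ARCOUNT=0, so the TSIG record that follows is counted in the authority section. That misplacement appears to be the whole point of the fixture (tests.sh describes it as "TSIG in the wrong place"), so the comment should say so, for example `# Questions: 1, Authority: 1 (TSIG deliberately outside the additional section)`. As written the file reads like a well-formed TSIG query and the reason for the expected FORMERR is not visible to the next maintainer.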
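Review bot: When the `"$PERL" -e 'use Net::DNS; use Net::DNS::Packet;'` probe fails, the FORMERR check in tsig/tests.sh is skipped without any output, so a run on a host lacking Net::DNS reports success for a regression test it never executed. An `else` branch such as `echo_i "skipped: Net::DNS not available"` would make that visible in the log. The `$PERL ../packet.pl ...` line also leaves `$PERL` unquoted where the probe quotes it, and the exit status of packet.pl is not checked, so a crash in the script and a wrong rcode are indistinguishable from packet.out alone.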
@@ -861,6 +861,7 @@
 ./bin/tests/system/tools/clean.sh SH 2017,2018,2019,2020
 ./bin/tests/system/tools/setup.sh SH 2019,2020
 ./bin/tests/system/tools/tests.sh SH 2017,2018,2019,2020
+./bin/tests/system/tsig/badlocation X 2020
 ./bin/tests/system/tsig/badtime X 2020
 ./bin/tests/system/tsig/clean.sh SH 2005,2006,2007,2012,2014,2016,2018,2019,2020
 ./bin/tests/system/tsig/setup.sh SH 2016,2017,2018,2019,2020