From: W.C.A. Wijngaards Date: Wed, 20 May 2026 10:37:17 +0000 (+0200) Subject: - Unit test for CVE-2026-40622. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5f21f41658f65d6143df6a3208e8ccf1a01604d;p=thirdparty%2Funbound.git - Unit test for CVE-2026-40622. --- diff --git a/doc/Changelog b/doc/Changelog index a16fab1cc..208ca24ad 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -33,6 +33,7 @@ - Unit test for CVE-2026-33278. - Unit test for CVE-2026-42944. - Unit test for CVE-2026-42959. + - Unit test for CVE-2026-40622. 18 May 2026: Wouter - Fix for mixed class referrals, the resolver uses the query diff --git a/testdata/iter_ghost_ns_childapex.rpl b/testdata/iter_ghost_ns_childapex.rpl new file mode 100644 index 000000000..2b046a86c --- /dev/null +++ b/testdata/iter_ghost_ns_childapex.rpl @@ -0,0 +1,299 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: yes + log-servfail: yes + module-config: "iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test for ghost domain with a child apex NS query. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +tld. IN NS +SECTION AUTHORITY +tld. IN NS ns.tld. +SECTION ADDITIONAL +ns.tld. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.tld +RANGE_BEGIN 0 15 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +tld. IN NS +SECTION ANSWER +tld. IN NS ns.tld +SECTION ADDITIONAL +ns.tld. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.tld. IN A +SECTION ANSWER +ns.tld. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.tld. IN AAAA +SECTION AUTHORITY +tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +mid.tld. IN NS +SECTION AUTHORITY +mid.tld. 5 IN NS ns.mid.tld. +SECTION ADDITIONAL +ns.mid.tld. 5 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.tld +RANGE_BEGIN 20 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +tld. IN NS +SECTION ANSWER +tld. IN NS ns.tld +SECTION ADDITIONAL +ns.tld. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.tld. IN A +SECTION ANSWER +ns.tld. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.tld. IN AAAA +SECTION AUTHORITY +tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR AA NXDOMAIN +SECTION QUESTION +mid.tld. IN NS +SECTION AUTHORITY +tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 +ENTRY_END +RANGE_END + +; ns.mid.tld. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +mid.tld. IN NS +SECTION ANSWER +mid.tld. 86400 IN NS ns.mid.tld. +SECTION ADDITIONAL +ns.mid.tld. 86400 IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.mid.tld. IN A +SECTION ANSWER +ns.mid.tld. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.mid.tld. IN AAAA +SECTION AUTHORITY +mid.tld. 3600 IN SOA ns.mid.tld. host.mid.tld. 20301 3600 1800 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.mid.tld. IN NS +SECTION AUTHORITY +sub.mid.tld. 3600 IN NS ns.sub.mid.tld. +SECTION ADDITIONAL +ns.sub.mid.tld. 3600 IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.mid.tld. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.mid.tld. IN NS +SECTION ANSWER +sub.mid.tld. IN NS ns.sub.mid.tld. +SECTION ADDITIONAL +ns.sub.mid.tld. IN A 1.2.3.6 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.sub.mid.tld. IN A +SECTION ANSWER +ns.sub.mid.tld. IN A 1.2.3.6 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.sub.mid.tld. IN AAAA +SECTION AUTHORITY +sub.mid.tld. 3600 IN SOA ns.sub.mid.tld. host.sub.mid.tld. 20301 3600 1800 604800 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.sub.mid.tld. IN A +SECTION ANSWER +a.sub.mid.tld. 3600 IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.sub.mid.tld. IN A +SECTION ANSWER +b.sub.mid.tld. 3600 IN A 10.20.30.41 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD NOERROR +SECTION QUESTION +a.sub.mid.tld. IN A +ENTRY_END + +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +a.sub.mid.tld. IN A +SECTION ANSWER +a.sub.mid.tld. 3600 IN A 10.20.30.40 +ENTRY_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD NOERROR +SECTION QUESTION +mid.tld. IN NS +ENTRY_END + +STEP 11 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +mid.tld. IN NS +SECTION ANSWER +mid.tld. 86400 IN NS ns.mid.tld. +SECTION ADDITIONAL +ns.mid.tld. 86400 IN A 1.2.3.4 +ENTRY_END + +STEP 20 TIME_PASSES ELAPSE 10 +; The authority for .tld switches to NXDOMAIN for mid.tld. + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD NOERROR +SECTION QUESTION +b.sub.mid.tld. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +b.sub.mid.tld. IN A +SECTION ANSWER +SECTION AUTHORITY +tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 +ENTRY_END + +SCENARIO_END