From: Mark Andrews
Date: Fri, 10 Apr 2026 03:05:31 +0000 (+1000)
Subject: Checking invalid TSIG key name in a catalog zone
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c27c899968a9fc1866d0fb691fef11241fce571b;p=thirdparty%2Fbind9.git

Checking invalid TSIG key name in a catalog zone

(cherry picked from commit 213e59ccf56f4d66cf65f363be4563f2e853d12f)
---

diff --git a/bin/tests/system/catz/clean.sh b/bin/tests/system/catz/clean.sh
index b021f3baac2..9bfa66a06a1 100644
--- a/bin/tests/system/catz/clean.sh
+++ b/bin/tests/system/catz/clean.sh
@@ -21,6 +21,7 @@ rm -f ns*/named.run
 rm -f ns*/named.run.prev
 rm -f ns1/*dom*example.db
 rm -f ns2/__catz__*db
+rm -f ns2/catalog-bad6.example.db
 rm -f ns2/named.conf.tmp
 rm -f ns3/dom13.example.db ns3/dom14.example.db
 rm -f ns4/catalog-self.example.db
diff --git a/bin/tests/system/catz/ns1/catalog-bad6.example.db b/bin/tests/system/catz/ns1/catalog-bad6.example.db
new file mode 100644
index 00000000000..7e2c2eaab51
--- /dev/null
+++ b/bin/tests/system/catz/ns1/catalog-bad6.example.db
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 3600 SOA . . 1 86400 3600 86400 3600
+@ 3600 IN NS invalid.
+version IN TXT "1"
+deadbeef.zones IN PTR member.example.
+mykey.masters.deadbeef.zones IN A 192.0.2.1
+; bad key name label too big
+mykey.masters.deadbeef.zones IN TXT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.com"
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index b64b4d5dbfa..fe0ed912cbc 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -61,6 +61,16 @@ zone "catalog4.example" {
 /* catalog5 is missing on purpose */
+# Bad TSIG key name
+zone "catalog-bad6.example" {
+ type primary;
+ file "catalog-bad6.example.db";
+ allow-transfer { any; };
+ allow-update { any; };
+ also-notify { 10.53.0.2; };
+ notify explicit;
+};
+
 key tsig_key. {
 secret "LSAnCU+Z";
 algorithm @DEFAULT_HMAC@;
diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
index 38381eb2e7e..f2796bdebc1 100644
--- a/bin/tests/system/catz/ns2/named1.conf.in
+++ b/bin/tests/system/catz/ns2/named1.conf.in
@@ -43,6 +43,8 @@ options {
 #T1 default-masters { 10.53.0.1; };
 #T2 zone "catalog5.example"
 #T2 default-masters { 10.53.0.1; };
+ zone "catalog-bad6.example"
+ default-masters { 10.53.0.1; };
 };
 };
@@ -78,6 +80,13 @@ zone "catalog4.example" {
 primaries { 10.53.0.1; };
 };
+# Bad TSIG key name
+zone "catalog-bad6.example" {
+ type secondary;
+ file "catalog-bad6.example.db";
+ primaries { 10.53.0.1; };
+};
+
 # When the following zone configuration is enabled, "dom3.example" should
 # already exist as a member of "catalog1.example", and named should be able
 # to deal with that situation (see GL #3911). Make sure that this duplicate
diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
index c167310e8df..43f149bdb9d 100644
--- a/bin/tests/system/catz/ns2/named2.conf.in
+++ b/bin/tests/system/catz/ns2/named2.conf.in
@@ -56,6 +56,13 @@ zone "catalog4.example" {
 primaries { 10.53.0.1; };
 };
+# Bad TSIG key name
+zone "catalog-bad6.example" {
+ type secondary;
+ file "catalog-bad6.example.db";
+ primaries { 10.53.0.1; };
+};
+
 key tsig_key. {
 secret "LSAnCU+Z";
 algorithm @DEFAULT_HMAC@;
diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh
index 4faa366eed2..9cea5f59eb8 100644
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@@ -81,6 +81,17 @@ wait_for_no_zonefile() (
 status=0
 n=0
+
+##########################################################################
+
+echo_i "checking that catalog-bad6.example (invalid TSIG key name) is handled ($n)"
+ret=0
+wait_for_message ns2/named.run "catz: unknown record in catalog zone - mykey.masters.deadbeef.zones.catalog-bad6.example IN TXT(label too long) - ignoring" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+nextpart ns2/named.run >/dev/null
+
 ##########################################################################
 echo_i "Testing adding/removing of domain in catalog zone"
 n=$((n + 1))
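Review bot: The added check in tests.sh passes on the log line alone, so it confirms that ns2 reported the over-long key-name label but not that ns2 kept serving afterwards. Tests later in the file probably cover that implicitly, but they are outside this hunk, so a direct assertion right after `wait_for_message` would make the regression test self-contained. The block also prints `($n)` while `n` is still 0 and never increments it, unlike the `n=$((n + 1))` step visible just below; if that is intentional (presumably because the message is logged when ns2 first loads the catalog), a comment such as `# runs before the numbered tests; nextpart below skips past the startup log` would say so. `[ "$ret" -ne 0 ]` is the safer spelling of the status test.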