From: Bob Halley Date: Tue, 16 Nov 2021 15:17:02 +0000 (-0800) Subject: Do not impose 2**31-1 bounds on TTL-like things; impose 2**32-1. X-Git-Tag: v2.2.0rc1~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e35de75ae3df365055f62f787b3cbe4ba25364cc;p=thirdparty%2Fdnspython.git Do not impose 2**31-1 bounds on TTL-like things; impose 2**32-1. --- diff --git a/dns/ttl.py b/dns/ttl.py index 8ea52135..df92b2b6 100644 --- a/dns/ttl.py +++ b/dns/ttl.py @@ -19,7 +19,13 @@ import dns.exception -MAX_TTL = 2147483647 +# Technically TTLs are supposed to be between 0 and 2**31 - 1, with values +# greater than that interpreted as 0, but we do not impose this policy here +# as values > 2**31 - 1 occur in real world data. +# +# We leave it to applications to impose tighter bounds if desired. +MAX_TTL = 2**32 - 1 + class BadTTL(dns.exception.SyntaxError): """DNS TTL value is not well-formed.""" @@ -71,7 +77,7 @@ def from_text(text): if not current == 0: raise BadTTL("trailing integer") if total < 0 or total > MAX_TTL: - raise BadTTL("TTL should be between 0 and 2^31 - 1 (inclusive)") + raise BadTTL("TTL should be between 0 and 2**32 - 1 (inclusive)") return total diff --git a/tests/test_bugs.py b/tests/test_bugs.py index b9636a67..3080e50c 100644 --- a/tests/test_bugs.py +++ b/tests/test_bugs.py @@ -42,11 +42,6 @@ class BugsTestCase(unittest.TestCase): u"a b 100 1 60 3600 86400") self.assertEqual(rdata1, rdata2) - def test_TTL_bounds_check(self): - def bad(): - dns.ttl.from_text("2147483648") - self.assertRaises(dns.ttl.BadTTL, bad) - def test_empty_NSEC3_window(self): rdata = dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.NSEC3, u"1 0 100 ABCD SCBCQHKU35969L2A68P3AD59LHF30715") diff --git a/tests/test_message.py b/tests/test_message.py index ad302984..ff9f550b 100644 --- a/tests/test_message.py +++ b/tests/test_message.py @@ -690,7 +690,7 @@ flags QR m = dns.message.from_wire(goodwire) self.assertIsInstance(m.flags, dns.flags.Flag) self.assertEqual(m.flags, dns.flags.Flag.RD) - + def test_continue_on_error(self): good_message = dns.message.from_text( """id 1234 @@ -700,7 +700,7 @@ flags QR AA RD ;QUESTION www.dnspython.org. IN SOA ;ANSWER -www.dnspython.org. 300 IN SOA . . 1 2 3 4 5 +www.dnspython.org. 300 IN SOA . . 1 2 3 4 4294967295 www.dnspython.org. 300 IN A 1.2.3.4 www.dnspython.org. 300 IN AAAA ::1 """) @@ -709,15 +709,12 @@ www.dnspython.org. 300 IN AAAA ::1 bad_wire = wire[:6] + b'\x00\xff' + wire[8:] # change AAAA into rdata with rdlen 0 bad_wire = bad_wire[:-18] + b'\x00' * 2 - # change SOA MINIMUM field to 0xffffffff (too large) - bad_wire = bad_wire.replace(b'\x00\x00\x00\x05', b'\xff' * 4) m = dns.message.from_wire(bad_wire, continue_on_error=True) - self.assertEqual(len(m.errors), 3) + self.assertEqual(len(m.errors), 2) print(m.errors) - self.assertEqual(str(m.errors[0].exception), 'value too large') - self.assertEqual(str(m.errors[1].exception), + self.assertEqual(str(m.errors[0].exception), 'IPv6 addresses are 16 bytes long') - self.assertEqual(str(m.errors[2].exception), + self.assertEqual(str(m.errors[1].exception), 'DNS message is malformed.') expected_message = dns.message.from_text( """id 1234 @@ -727,6 +724,7 @@ flags QR AA RD ;QUESTION www.dnspython.org. IN SOA ;ANSWER +www.dnspython.org. 300 IN SOA . . 1 2 3 4 4294967295 www.dnspython.org. 300 IN A 1.2.3.4 """) self.assertEqual(m, expected_message) diff --git a/tests/test_transaction.py b/tests/test_transaction.py index 9ac9f560..85aa9868 100644 --- a/tests/test_transaction.py +++ b/tests/test_transaction.py @@ -209,7 +209,7 @@ def test_bad_parameters(db): with pytest.raises(ValueError): foo = dns.name.from_text('foo', None) rdata = dns.rdata.from_text('in', 'a', '10.0.0.3') - txn.add(foo, 0x80000000, rdata) + txn.add(foo, 0x100000000, rdata) with pytest.raises(TypeError): txn.add(foo) with pytest.raises(TypeError):