From: Peter van Dijk Date: Mon, 29 Apr 2013 13:57:33 +0000 (+0200) Subject: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy... X-Git-Tag: auth-3.3-rc1~156 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27ff60a38195e69b544ad8be23c7f96f7ea2b971;p=thirdparty%2Fpdns.git make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test. Needs additional recursor verification. --- diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc index 52820458e9..a1e1315f7a 100644 --- a/pdns/dnsparser.cc +++ b/pdns/dnsparser.cc @@ -502,8 +502,13 @@ void PacketReader::xfrHexBlob(string& blob, bool keepReading) xfrBlob(blob); } -string simpleCompress(const string& label, const string& root) +string simpleCompress(const string& elabel, const string& root) { + string label=elabel; + // FIXME: this relies on the semi-canonical escaped output from getLabelFromContent + boost::replace_all(label, "\\.", "."); + boost::replace_all(label, "\\032", " "); + boost::replace_all(label, "\\\\", "\\"); typedef vector > parts_t; parts_t parts; vstringtok(parts, label, "."); diff --git a/pdns/dnswriter.cc b/pdns/dnswriter.cc index d48e95e14f..d8b549c51a 100644 --- a/pdns/dnswriter.cc +++ b/pdns/dnswriter.cc @@ -237,6 +237,7 @@ void DNSPacketWriter::xfrLabel(const string& Label, bool compress) if(unescaped) { string part(label.c_str() + i -> first, i->second - i->first); + // FIXME: this relies on the semi-canonical escaped output from getLabelFromContent boost::replace_all(part, "\\.", "."); boost::replace_all(part, "\\032", " "); boost::replace_all(part, "\\\\", "\\"); diff --git a/regression-tests/space-name/command b/regression-tests/space-name/command new file mode 100755 index 0000000000..c1b7fa4d20 --- /dev/null +++ b/regression-tests/space-name/command @@ -0,0 +1,2 @@ +#!/bin/sh +cleandig 'space name'.example.com A dnssec diff --git a/regression-tests/space-name/description b/regression-tests/space-name/description new file mode 100644 index 0000000000..56c31b404d --- /dev/null +++ b/regression-tests/space-name/description @@ -0,0 +1,2 @@ +Make sure we answer queries with spaces in the name correctly, including the +right NSEC(3) records. diff --git a/regression-tests/space-name/expected_result b/regression-tests/space-name/expected_result new file mode 100644 index 0000000000..e69de29bb2 diff --git a/regression-tests/space-name/expected_result.narrow b/regression-tests/space-name/expected_result.narrow new file mode 100644 index 0000000000..6d1bdb6935 --- /dev/null +++ b/regression-tests/space-name/expected_result.narrow @@ -0,0 +1,11 @@ +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 1 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +1 gl4qf9db2fkivonidgs9954bhkhpvviq.example.com. IN NSEC3 86400 1 1 1 abcd GL4QF9DB2FKIVONIDGS9954BHKHPVVIS +1 gl4qf9db2fkivonidgs9954bhkhpvviq.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='space\032name.example.com.', qtype=A diff --git a/regression-tests/space-name/expected_result.nsec3 b/regression-tests/space-name/expected_result.nsec3 new file mode 100644 index 0000000000..180b5ed4b2 --- /dev/null +++ b/regression-tests/space-name/expected_result.nsec3 @@ -0,0 +1,11 @@ +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +1 gl3vilecelbsri6t44urj9lp6m5853mq.example.com. IN NSEC3 86400 1 1 1 abcd GL5I9VH027O95O1M3UTE1A8KR1TJ253D A RRSIG +1 gl3vilecelbsri6t44urj9lp6m5853mq.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='space\032name.example.com.', qtype=A diff --git a/regression-tests/space-name/skip.nodnssec b/regression-tests/space-name/skip.nodnssec new file mode 100644 index 0000000000..e69de29bb2