]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
authorMark Andrews <marka@isc.org>
Tue, 14 Jan 2014 05:12:30 +0000 (16:12 +1100)
committerMark Andrews <marka@isc.org>
Tue, 14 Jan 2014 05:12:30 +0000 (16:12 +1100)
CHANGES
bin/tests/system/dnssec/tests.sh
lib/dns/rdata/generic/rrsig_46.c

diff --git a/CHANGES b/CHANGES
index fcd52335fba053b6f32c595d0e52e124c485d7da..257a5a5237e4ce9be4594b0f2d916431ebcaf678 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3704.  [protocol]      Accept integer timestamps in RRSIG records. [RT #35185]
+
 3703.  [func]          To improve recursive resolver performance, cache
                        records which are still being requested by clients
                        can now be automatically refreshed from the
index b19e3d7b853d9838a6f0b5aa63d72b5822cad359..1f25601faca6828ba17c39f7f6441cc8b3c83159 100644 (file)
@@ -2387,5 +2387,19 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:check the acceptance of seconds as inception and expiration times ($n)"
+ret=0
+in="NSEC 8 0 86400 1390003200 1389394800 33655 . NYWjZYBV1b+h4j0yu/SmPOOylR8P4IXKDzHX3NwEmU1SUp27aJ91dP+i+UBcnPmBib0hck4DrFVvpflCEpCnVQd2DexcN0GX+3PM7XobxhtDlmnU X1L47zJlbdHNwTqHuPaMM6Xy9HGMXps7O5JVyfggVhTz2C+G5OVxBdb2rOo="
+
+exp="NSEC 8 0 86400 20140118000000 20140110230000 33655 . NYWjZYBV1b+h4j0yu/SmPOOylR8P4IXKDzHX3NwEmU1SUp27aJ91dP+i +UBcnPmBib0hck4DrFVvpflCEpCnVQd2DexcN0GX+3PM7XobxhtDlmnU X1L47zJlbdHNwTqHuPaMM6Xy9HGMXps7O5JVyfggVhTz2C+G5OVxBdb2 rOo="
+
+out=`echo "IN RRSIG $in" | $RRCHECKER -p | sed 's/^IN.RRSIG.//'`
+[ "$out" = "$exp" ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+
+
 echo "I:exit status: $status"
 exit $status
index f200c5788bdc881e29e12094a71a0c0af229adac..7bda5159a2c107ff42050e53f2e41d5b7e32746b 100644 (file)
@@ -90,7 +90,19 @@ fromtext_rrsig(ARGS_FROMTEXT) {
         */
        RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
                                      ISC_FALSE));
-       RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire));
+       if (strlen(DNS_AS_STR(token)) <= 10U &&
+           *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') {
+               char *end;
+               unsigned long l;
+
+               l = strtoul(DNS_AS_STR(token), &end, 10);
+               if (l == ULONG_MAX || *end != 0)
+                       RETTOK(DNS_R_SYNTAX);
+               if ((isc_uint64_t)l > (isc_uint64_t)0xffffffff)
+                       RETTOK(ISC_R_RANGE);
+               time_expire = l;
+       } else
+                RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire));
        RETERR(uint32_tobuffer(time_expire, target));
 
        /*
@@ -98,7 +110,19 @@ fromtext_rrsig(ARGS_FROMTEXT) {
         */
        RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
                                      ISC_FALSE));
-       RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed));
+       if (strlen(DNS_AS_STR(token)) <= 10U &&
+           *DNS_AS_STR(token) != '-' && *DNS_AS_STR(token) != '+') {
+               char *end;
+               unsigned long l;
+
+               l = strtoul(DNS_AS_STR(token), &end, 10);
+               if (l == ULONG_MAX || *end != 0)
+                       RETTOK(DNS_R_SYNTAX);
+               if ((isc_uint64_t)l > (isc_uint64_t)0xffffffff)
+                       RETTOK(ISC_R_RANGE);
+               time_signed = l;
+       } else
+               RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed));
        RETERR(uint32_tobuffer(time_signed, target));
 
        /*