+5126. [bug] Named incorrectly accepted empty base64 and hex encoded
+ fields when reading master files. [GL #807]
+
5125. [bug] Allow for up to 100 records or 64k of data when caching
a negative response. [GL #804]
for db in zones/bad*.db
do
echo_i "checking $db ($n)"
- ret=0
+ ret=0 v=0
case $db in
zones/bad-dns-sd-reverse.db)
- $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 && ret=1
+ $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 || v=$?
;;
*)
- $CHECKZONE -i local example $db > test.out.$n 2>&1 && ret=1
+ $CHECKZONE -i local example $db > test.out.$n 2>&1 || v=$?
;;
esac
+ test $v = 1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 3600 DHCID
+@ 3600 DHCID
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ EID
+@ EID
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 3600 NIMLOC
+@ 3600 NIMLOC
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
- 7200 RRSIG SOA 7 3 7200 2010 20100225214229 30323 dyn.example.net.
+ 7200 RRSIG SOA 7 3 7200 2010 20100225214229 30323 dyn.example.net. MuyI
7200 NS ns1.example.net.
7200 NS ns2.example.net.
3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
if (result != ISC_R_SUCCESS)
return (result);
- result = isc_hex_tobuffer(lexer, buf,
- (unsigned int)token.value.as_ulong);
- if (result != ISC_R_SUCCESS)
- goto failure;
- if (isc_buffer_usedlength(buf) != token.value.as_ulong) {
- result = ISC_R_UNEXPECTEDEND;
- goto failure;
+ if (token.value.as_ulong != 0U) {
+ result = isc_hex_tobuffer(lexer, buf,
+ (unsigned int)token.value.as_ulong);
+ if (result != ISC_R_SUCCESS) {
+ goto failure;
+ }
+ if (isc_buffer_usedlength(buf) != token.value.as_ulong) {
+ result = ISC_R_UNEXPECTEDEND;
+ goto failure;
+ }
}
if (dns_rdatatype_isknown(type)) {
RETTOK(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
RETERR(mem_tobuffer(target, &secalg, 1));
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
length = ISC_SHA384_DIGESTLENGTH;
break;
default:
- length = -1;
+ length = -2;
break;
}
return (isc_hex_tobuffer(lexer, target, length));
/*
* Public key.
*/
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
- result = isc_base64_tobuffer(lexer, target, -1);
+ result = isc_base64_tobuffer(lexer, target, -2);
if (result != ISC_R_SUCCESS)
return (result);
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
- result = isc_base64_tobuffer(lexer, target, -1);
+ result = isc_base64_tobuffer(lexer, target, -2);
if (result != ISC_R_SUCCESS)
return (result);
/*
* Keyring.
*/
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
/*
* Sig.
*/
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
/*
* Sig.
*/
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
/*
* Digest.
*/
- return (isc_hex_tobuffer(lexer, target, -1));
+ return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
/*
* Certificate Association Data.
*/
- return (isc_hex_tobuffer(lexer, target, -1));
+ return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
UNUSED(options);
UNUSED(callbacks);
- return (isc_base64_tobuffer(lexer, target, -1));
+ return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
UNUSED(rdclass);
UNUSED(callbacks);
- return (isc_hex_tobuffer(lexer, target, -1));
+ return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
UNUSED(rdclass);
UNUSED(callbacks);
- return (isc_hex_tobuffer(lexer, target, -1));
+ return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
base32_tobuffer(isc_lex_t *lexer, const char base[], bool pad,
isc_buffer_t *target, int length)
{
+ unsigned int before, after;
base32_decode_ctx_t ctx;
isc_textregion_t *tr;
isc_token_t token;
bool eol;
+ REQUIRE(length >= -2);
+
base32_decode_init(&ctx, length, base, pad, target);
+ before = isc_buffer_usedlength(target);
while (!ctx.seen_end && (ctx.length != 0)) {
unsigned int i;
- if (length > 0)
+ if (length > 0) {
eol = false;
- else
+ } else {
eol = true;
+ }
RETERR(isc_lex_getmastertoken(lexer, &token,
isc_tokentype_string, eol));
- if (token.type != isc_tokentype_string)
+ if (token.type != isc_tokentype_string) {
break;
+ }
tr = &token.value.as_textregion;
- for (i = 0; i < tr->length; i++)
+ for (i = 0; i < tr->length; i++) {
RETERR(base32_decode_char(&ctx, tr->base[i]));
+ }
}
- if (ctx.length < 0 && !ctx.seen_end)
+ after = isc_buffer_usedlength(target);
+ if (ctx.length < 0 && !ctx.seen_end) {
isc_lex_ungettoken(lexer, &token);
+ }
RETERR(base32_decode_finish(&ctx));
+ if (length == -2 && before == after) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
return (ISC_R_SUCCESS);
}
isc_result_t
isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
+ unsigned int before, after;
base64_decode_ctx_t ctx;
isc_textregion_t *tr;
isc_token_t token;
bool eol;
+ REQUIRE(length >= -2);
+
base64_decode_init(&ctx, length, target);
+ before = isc_buffer_usedlength(target);
while (!ctx.seen_end && (ctx.length != 0)) {
unsigned int i;
- if (length > 0)
+ if (length > 0) {
eol = false;
- else
+ } else {
eol = true;
+ }
RETERR(isc_lex_getmastertoken(lexer, &token,
isc_tokentype_string, eol));
- if (token.type != isc_tokentype_string)
+ if (token.type != isc_tokentype_string) {
break;
+ }
tr = &token.value.as_textregion;
- for (i = 0; i < tr->length; i++)
+ for (i = 0; i < tr->length; i++) {
RETERR(base64_decode_char(&ctx, tr->base[i]));
+ }
}
- if (ctx.length < 0 && !ctx.seen_end)
+ after = isc_buffer_usedlength(target);
+ if (ctx.length < 0 && !ctx.seen_end) {
isc_lex_ungettoken(lexer, &token);
+ }
RETERR(base64_decode_finish(&ctx));
+ if (length == -2 && before == after) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) {
+ unsigned int before, after;
hex_decode_ctx_t ctx;
isc_textregion_t *tr;
isc_token_t token;
bool eol;
+ REQUIRE(length >= -2);
+
hex_decode_init(&ctx, length, target);
+ before = isc_buffer_usedlength(target);
while (ctx.length != 0) {
unsigned int i;
- if (length > 0)
+ if (length > 0) {
eol = false;
- else
+ } else {
eol = true;
+ }
RETERR(isc_lex_getmastertoken(lexer, &token,
isc_tokentype_string, eol));
- if (token.type != isc_tokentype_string)
+ if (token.type != isc_tokentype_string) {
break;
+ }
tr = &token.value.as_textregion;
- for (i = 0; i < tr->length; i++)
+ for (i = 0; i < tr->length; i++) {
RETERR(hex_decode_char(&ctx, tr->base[i]));
+ }
}
- if (ctx.length < 0)
+ after = isc_buffer_usedlength(target);
+ if (ctx.length < 0) {
isc_lex_ungettoken(lexer, &token);
+ }
RETERR(hex_decode_finish(&ctx));
+ if (length == -2 && before == after) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
return (ISC_R_SUCCESS);
}
isc_base32hexnp_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
/*!<
* \brief Convert text encoded in base32, base32hex, or base32hex
- * non-padded from a lexer context into data.
+ * non-padded from a lexer context into `target`. If 'length' is
+ * non-negative, it is the expected number of encoded octets to convert.
+ *
+ * If 'length' is -1 then 0 or more encoded octets are expected.
+ * If 'length' is -2 then 1 or more encoded octets are expected.
+ *
+ * Returns:
+ *\li #ISC_R_BADBASE32 -- invalid base32 encoding.
+ *\li #ISC_R_UNEXPECTEDEND: the text does not contain the expected
+ * number of encoded octets.
*
* Requires:
- *\li 'lex' is a valid lexer context
+ *\li 'lexer' is a valid lexer context
*\li 'target' is a buffer containing binary data
- *\li 'length' is an integer
+ *\li 'length' is -2, -1, or non-negative
*
* Ensures:
*\li target will contain the data represented by the base32 encoded
- * string parsed by the lexer. No more than length bytes will be read,
- * if length is positive. The 'used' pointer in target will be
- * advanced as necessary.
+ * string parsed by the lexer. No more than `length` octets will
+ * be read, if `length` is non-negative. The 'used' pointer in
+ * 'target' will be advanced as necessary.
*/
isc_result_t
isc_result_t
isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
/*!<
- * \brief Convert base64 encoded text from a lexer context into data.
+ * \brief Convert base64 encoded text from a lexer context into
+ * `target`. If 'length' is non-negative, it is the expected number of
+ * encoded octets to convert.
+ *
+ * If 'length' is -1 then 0 or more encoded octets are expected.
+ * If 'length' is -2 then 1 or more encoded octets are expected.
+ *
+ * Returns:
+ *\li #ISC_R_BADBASE64 -- invalid base64 encoding.
+ *\li #ISC_R_UNEXPECTEDEND: the text does not contain the expected
+ * number of encoded octets.
*
* Requires:
- *\li 'lex' is a valid lexer context
+ *\li 'lexer' is a valid lexer context
*\li 'target' is a buffer containing binary data
- *\li 'length' is an integer
+ *\li 'length' is -2, -1, or non-negative
*
* Ensures:
*\li target will contain the data represented by the base64 encoded
- * string parsed by the lexer. No more than length bytes will be read,
- * if length is positive. The 'used' pointer in target will be
- * advanced as necessary.
+ * string parsed by the lexer. No more than `length` octets will
+ * be read, if `length` is non-negative. The 'used' pointer in
+ * 'target' will be advanced as necessary.
*/
-
-
ISC_LANG_ENDDECLS
#endif /* ISC_BASE64_H */
isc_result_t
isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length);
/*!<
- * \brief Convert hex encoded text from a lexer context into data.
+ * \brief Convert hex-encoded text from a lexer context into
+ * `target`. If 'length' is non-negative, it is the expected number of
+ * encoded octets to convert.
+ *
+ * If 'length' is -1 then 0 or more encoded octets are expected.
+ * If 'length' is -2 then 1 or more encoded octets are expected.
+ *
+ * Returns:
+ *\li #ISC_R_BADHEX -- invalid hex encoding
+ *\li #ISC_R_UNEXPECTEDEND: the text does not contain the expected
+ * number of encoded octets.
*
* Requires:
- *\li 'lex' is a valid lexer context
+ *\li 'lexer' is a valid lexer context
*\li 'target' is a buffer containing binary data
- *\li 'length' is an integer
+ *\li 'length' is -2, -1, or non-negative
*
* Ensures:
*\li target will contain the data represented by the hex encoded
- * string parsed by the lexer. No more than length bytes will be read,
- * if length is positive. The 'used' pointer in target will be
- * advanced as necessary.
+ * string parsed by the lexer. No more than `length` octets will
+ * be read, if `length` is non-negative. The 'used' pointer in
+ * 'target' will be advanced as necessary.
*/
-
ISC_LANG_ENDDECLS
#endif /* ISC_HEX_H */
./bin/tests/system/checkzone/zones/.gitattributes X 2015,2018,2019
./bin/tests/system/checkzone/zones/bad-badclass.raw X 2015,2018,2019
./bin/tests/system/checkzone/zones/bad-caa-rr.db ZONE 2015,2016,2018,2019
+./bin/tests/system/checkzone/zones/bad-dhcid.db ZONE 2019
./bin/tests/system/checkzone/zones/bad-dns-sd-reverse.db ZONE 2015,2016,2018,2019
+./bin/tests/system/checkzone/zones/bad-eid.db ZONE 2019
./bin/tests/system/checkzone/zones/bad-generate-tkey.db ZONE 2018,2019
+./bin/tests/system/checkzone/zones/bad-nimloc.db ZONE 2019
./bin/tests/system/checkzone/zones/bad-nsap-empty.db ZONE 2015,2016,2018,2019
./bin/tests/system/checkzone/zones/bad-nsap-odd-nibble.db ZONE 2015,2016,2018,2019
./bin/tests/system/checkzone/zones/bad-nsec3-padded.db ZONE 2014,2016,2018,2019
projects / thirdparty / bind9.git / commitdiff
