Test UPDATE behavior in CHAOS and other non-IN classes

Send various UPDATE requests that are known to have caused
crashes previously with deliberately misconfigured non-IN
zones; confirm that UPDATE is not processed.

diff --git a/bin/named/server.c b/bin/named/server.c
index d584c1249e859006b1858d1054d9805ffc2962c3..7f3f0162a5170f3e8abe430785bcb6e6422e38c7 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4775,7 +4775,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
                                 aclctx, isc_g_mctx, &view->proxyonacl));
 
        if (view->rdclass != dns_rdataclass_in) {
-               view->recursion = false;
                dns_acl_none(isc_g_mctx, &view->recursionacl);
                dns_acl_none(isc_g_mctx, &view->recursiononacl);
        } else {

diff --git a/bin/tests/system/class/ns2/localhost.db.in b/bin/tests/system/class/ns2/localhost.db.in
index baa5f7486216c43453fa8fd1bc27581b814471fc..a50e5167a91061a1a5aaa2b485aebdfecd22fae8 100644 (file)
--- a/bin/tests/system/class/ns2/localhost.db.in
+++ b/bin/tests/system/class/ns2/localhost.db.in
@@ -3,4 +3,9 @@ $TTL 300
 @ IN SOA ns hostmaster 1 3600 900 604800 300
 @ IN NS ns
 ns IN A 127.0.0.1
+
 @ IN KX 10 target.example.
+@ IN PX 10 map822.example. mapx400.example.
+@ IN NSAP 0x47000580ffff0000000001e133ffffff00016200
+@ IN NSAP-PTR target.example.
+@ in EID \# 01 aa

diff --git a/bin/tests/system/class/tests_class_update.py b/bin/tests/system/class/tests_class_update.py
new file mode 100644 (file)
index 0000000..e53bbc7
--- /dev/null
+++ b/bin/tests/system/class/tests_class_update.py
@@ -0,0 +1,96 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import socket
+import struct
+
+from dns import rdataclass, rdatatype, update
+
+import pytest
+
+import isctest
+
+pytestmark = pytest.mark.extra_artifacts(
+    [
+        "*/*.db",
+    ]
+)
+
+
+def encode_name(name: str) -> bytes:
+    out = b""
+    for label in name.rstrip(".").split("."):
+        out += bytes([len(label)]) + label.encode("ascii")
+    return out + b"\x00"
+
+
+@pytest.mark.parametrize(
+    "rdtype,rdclass,ttl,rdata",
+    [
+        (rdatatype.SRV, rdataclass.NONE, 0, b"\x00"),
+        (rdatatype.KX, rdataclass.NONE, 0, b""),
+        (rdatatype.PX, rdataclass.NONE, 0, b""),
+        (rdatatype.NSAP, rdataclass.NONE, 0, b""),
+        (rdatatype.NSAP_PTR, rdataclass.NONE, 0, b""),
+        (31, rdataclass.NONE, 0, b""),  # dnspython doesn't define type EID
+    ],
+)
+def test_class_invalid(rdtype, rdclass, ttl, rdata, named_port):
+    # these update messages are badly formatted, so we construct
+    # them manually instead of using dnspython.
+
+    # opcode=UPDATE, 1 RRset in ZONE, 1 RRset in UPDATE
+    header = struct.pack("!HHHHHH", 0, 0x2800, 1, 0, 1, 0)
+
+    # ZONE section: QNAME=<zone>, QTYPE=SOA, QCLASS=ANY
+    zone_q = encode_name("1.0.0.127.in-addr.arpa") + struct.pack("!HH", 6, 255)
+
+    # UPDATE section RR:
+    update_rr = (
+        encode_name("1.0.0.127.in-addr.arpa")
+        + struct.pack("!HHIH", rdtype, rdclass, ttl, len(rdata))
+        + rdata
+    )
+
+    m = header + zone_q + update_rr
+    packet = struct.pack("!H", len(m)) + m
+
+    with socket.create_connection(
+        ("10.53.0.2", named_port), source_address=("127.0.0.1", 0), timeout=2.0
+    ) as s:
+        s.sendall(packet)
+        try:
+            rwire = s.recv(4096)
+            res = dns.message.from_wire(rwire)
+            isctest.check.formerr(res)
+        except Exception:  # pylint: disable=broad-except
+            pass
+
+    # check the server is answering
+    msg = isctest.query.create("1.0.0.127.in-addr.arpa", "SRV")
+    res = isctest.query.udp(msg, "10.53.0.2")
+    isctest.check.noerror(res)
+    isctest.check.rr_count_eq(res.answer, 0)
+
+
+@pytest.mark.parametrize(
+    "rdtype,rdata",
+    [
+        (rdatatype.SVCB, "\\# 02 0000"),
+        (rdatatype.WKS, "\\# 02 4142"),
+        (rdatatype.WKS, "\\# 02 4344"),
+    ],
+)
+def test_class_chaosupdate(rdtype, rdata):
+    up = update.UpdateMessage("example.", rdclass=rdataclass.CHAOS)
+    up.add("foo.example.", 300, rdtype, rdata)
+    res = isctest.query.tcp(up, "10.53.0.2")
+    isctest.check.notimp(res)