Check that named rejects excessive iterations via UPDATE

(cherry picked from commit 4ce8437a6ef788fd6337f2c36de973eb4f7358fd)

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 9e892747d5f9fb9858f11ee7035cefddb8536e42..c0b1abd66112fb41583c81aa3919fcd00d458bd1 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -311,6 +311,7 @@ then
     {
       $PERL update_test.pl -s 10.53.0.1 -p ${PORT} update.nil. || ret=1
     } | cat_i
+    grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run > /dev/null || ret=1
     [ $ret -eq 1 ] && { echo_i "failed"; status=1; }
 else
     echo_i "The second part of this test requires the Net::DNS library." >&2
@@ -1163,7 +1164,7 @@ server 10.53.0.3 ${PORT}
 zone example
 update add example 0 in NSEC3PARAM 1 0 151 -
 END
-grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n || ret=1
+grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
 [ $ret = 0 ] || { echo_i "failed"; status=1; }
 
 if ! $FEATURETEST --gssapi ; then

diff --git a/bin/tests/system/nsupdate/update_test.pl b/bin/tests/system/nsupdate/update_test.pl
index 894a57219661a7fe0998436d7480ea89206814af..fd6a5425aa0a3ae8950d379d2a1ea2b5f8bd3421 100644 (file)
--- a/bin/tests/system/nsupdate/update_test.pl
+++ b/bin/tests/system/nsupdate/update_test.pl
@@ -410,6 +410,10 @@ test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
 
 test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]);
 
+section("Excessive NSEC3PARAM iterations");
+test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
+test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
+
 if ($failures) {
     print "$failures tests failed.\n";
 } else {