Don't permit loading meta RR types such as TKEY from master files (#47009)
authorMukund Sivaraman <muks@isc.org>
Mon, 22 Jan 2018 08:56:04 +0000 (14:26 +0530)
committerMukund Sivaraman <muks@isc.org>
Mon, 22 Jan 2018 09:06:18 +0000 (14:36 +0530)
(cherry picked from commit 8a4ce201726930b44f2ee845ca977f53bee656e9)
(cherry picked from commit c8eb726046f1894dd7a5ff7dd3657e911fc42c8a)

CHANGES
bin/named/update.c
bin/nsupdate/nsupdate.c
bin/tests/system/checkzone/zones/bad-generate-tkey.db [new file with mode: 0644]
bin/tests/system/checkzone/zones/bad-tkey.db [new file with mode: 0644]
bin/tests/system/checkzone/zones/bad-tsig.db [new file with mode: 0644]
bin/tests/system/nsupdate/tests.sh
lib/dns/master.c

diff --git a/CHANGES b/CHANGES
index 72f0fee3079a80ccaffa0d9dff14a71ea1aa3977..08ea19f61f8c118c42d620496ac9d09ac6a687b0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4872.  [bug]           Don't permit loading meta RR types such as TKEY
+                       from master files. [RT #47009]
+
 4871.  [bug]           Fix configure glitch in detecting stdatomic.h
                        support on systems with multiple compilers.
                        [RT #46959]
index c29f6f673026147eada0467e8ca9528d70b442f6..cef627c4125f5cb09a24dc6865c23176e5973d13 100644 (file)
@@ -2790,7 +2790,8 @@ update_action(isc_task_t *task, isc_event_t *event) {
                if (update_class == zoneclass) {
 
                        /*
-                        * RFC1123 doesn't allow MF and MD in master zones.                              */
+                        * RFC1123 doesn't allow MF and MD in master zones.
+                        */
                        if (rdata.type == dns_rdatatype_md ||
                            rdata.type == dns_rdatatype_mf) {
                                char typebuf[DNS_RDATATYPE_FORMATSIZE];
@@ -2879,7 +2880,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
                                 * Ignore attempts to add NSEC3PARAM records
                                 * with any flags other than OPTOUT.
                                 */
-                               if ((rdata.data[1] & ~DNS_NSEC3FLAG_OPTOUT) != 0) {
+                               if ((rdata.data[1] &
+                                    ~DNS_NSEC3FLAG_OPTOUT) != 0)
+                               {
                                        update_log(client, zone,
                                                   LOGLEVEL_PROTOCOL,
                                                   "attempt to add NSEC3PARAM "
index 0310004864467baa107bf26aa214667be46aaa5a..0cb02bf564b1dcf4919dc23b3577e912ece31b34 100644 (file)
@@ -2086,6 +2086,7 @@ show_message(FILE *stream, dns_message_t *msg, const char *description) {
        }
        fprintf(stream, "%s\n%.*s", description,
               (int)isc_buffer_usedlength(buf), (char*)isc_buffer_base(buf));
+       fflush(stream);
        isc_buffer_free(&buf);
 }
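Review bot: The added `fflush(stream)` in show_message carries no comment saying why the flush is needed at this point, and its return value is silently discarded, so a later reader may drop it as redundant. The reason is not visible in the hunk — presumably it keeps the `-d` message dump ordered with respect to unbuffered stderr when both are redirected into one file, as bin/tests/system/nsupdate/tests.sh does with `> nsupdate.out-$n 2>&1` — so confirm that before wording it, e.g. `/* Flush so the dump reaches the file before anything later written to stderr. */`. If ignoring the result is intentional, `(void)fflush(stream);` makes that explicit. show_message begins outside the hunk.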
 
diff --git a/bin/tests/system/checkzone/zones/bad-generate-tkey.db b/bin/tests/system/checkzone/zones/bad-generate-tkey.db
new file mode 100644 (file)
index 0000000..0a79644
--- /dev/null
@@ -0,0 +1,12 @@
+; Copyright (C) 2013, 2016  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$TTL 600
+@              SOA     ns hostmaster 2011012708 3600 1200 604800 1200
+               NS      ns
+ns             A       192.0.2.1
+
+$GENERATE 0-7   tkey$  TKEY "invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw=="
diff --git a/bin/tests/system/checkzone/zones/bad-tkey.db b/bin/tests/system/checkzone/zones/bad-tkey.db
new file mode 100644 (file)
index 0000000..c2e8c07
--- /dev/null
@@ -0,0 +1,12 @@
+; Copyright (C) 2013, 2016  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$TTL 600
+@              SOA     ns hostmaster 2011012708 3600 1200 604800 1200
+               NS      ns
+ns             A       192.0.2.1
+
+tkey           TKEY invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
diff --git a/bin/tests/system/checkzone/zones/bad-tsig.db b/bin/tests/system/checkzone/zones/bad-tsig.db
new file mode 100644 (file)
index 0000000..4867f45
--- /dev/null
@@ -0,0 +1,12 @@
+; Copyright (C) 2018  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$TTL 600
+@              SOA     ns hostmaster 2011012708 3600 1200 604800 1200
+               NS      ns
+ns             A       192.0.2.1
+
+tsig           TSIG    hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
index 5fc88ca08f16b7baf587d9f0875b40d5430f9db9..c1dea8bbc94a1b6d21f284e7cc49e27b72996cc6 100755 (executable)
@@ -817,6 +817,18 @@ END
 grep "couldn't get address for 'unresolvable..': not found" nsupdate.out > /dev/null || ret=1
 [ $ret = 0 ] || { echo I:failed; status=1; }
 
+n=`expr $n + 1`
+ret=0
+echo "I:check that TKEY in a update is rejected ($n)"
+$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
+server 10.53.0.3 5300
+update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
+send
+END
+grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
+grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
+[ $ret = 0 ] || { echo I:failed; status=1; }
+
 #
 #  Add client library tests here
 #
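Review bot: The second grep in the new test expects the server to answer FORMERR, yet nothing in this commit changes the server-side update path (the bin/named/update.c hunks are formatting only), so the rejection presumably relies on a check already present in update_action; that dependency deserves a comment in the test, e.g. `# the server already rejects meta types in updates; this also exercises the client path`. The echo text has a typo: `in a update` should read `in an update`. The `2>&1` on both greps is harmless but differs from the surrounding tests, which redirect only stdout (`grep "couldn't get address ..." nsupdate.out > /dev/null || ret=1` just above the hunk).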
index f1baf8548b0aa130ef77908dfc47cf19ec14ddab..91815b4bed4c7613e21397d6bc9cef61c80edd10 100644 (file)
@@ -833,6 +833,22 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
                goto insist_cleanup;
        }
 
+       /*
+        * RFC2930: TKEY and TSIG are not allowed to be loaded
+        * from master files.
+        */
+       if ((lctx->options & DNS_MASTER_ZONE) != 0 &&
+           (lctx->options & DNS_MASTER_SLAVE) == 0 &&
+           dns_rdatatype_ismeta(type))
+       {
+               (*callbacks->error)(callbacks,
+                                  "%s: %s:%lu: meta RR type '%s'",
+                                  "$GENERATE",
+                                  source, line, gtype);
+               result = DNS_R_METATYPE;
+               goto insist_cleanup;
+       }
+
        for (i = start; i <= stop; i += step) {
                result = genname(lhs, i, lhsbuf, DNS_MASTER_LHS);
                if (result != ISC_R_SUCCESS)
@@ -1700,6 +1716,30 @@ load_text(dns_loadctx_t *lctx) {
                                goto insist_and_cleanup;
                }
 
+               /*
+                * RFC2930: TKEY and TSIG are not allowed to be loaded
+                * from master files.
+                */
+               if ((lctx->options & DNS_MASTER_ZONE) != 0 &&
+                   (lctx->options & DNS_MASTER_SLAVE) == 0 &&
+                   dns_rdatatype_ismeta(type))
+               {
+                       char typename[DNS_RDATATYPE_FORMATSIZE];
+
+                       result = DNS_R_METATYPE;
+
+                       dns_rdatatype_format(type, typename, sizeof(typename));
+                       (*callbacks->error)(callbacks,
+                                           "%s:%lu: %s '%s': %s",
+                                           source, line,
+                                           "type", typename,
+                                           dns_result_totext(result));
+                       if (MANYERRS(lctx, result)) {
+                               SETRESULT(lctx, result);
+                       } else
+                               goto insist_and_cleanup;
+               }
+
                /*
                 * Find a rdata structure.
                 */
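Review bot: In the load_text hunk the formatted type buffer is named `typename`, which is a C++ keyword and differs from the `typebuf` that the same pattern uses in bin/named/update.c (`char typebuf[DNS_RDATATYPE_FORMATSIZE];`); renaming it `typebuf` keeps the two consistent and avoids trouble if the file is ever compiled as C++. The error handling `if (MANYERRS(lctx, result)) { SETRESULT(lctx, result); } else goto insist_and_cleanup;` braces only one branch; bracing the else as well matches the always-brace convention used elsewhere in these hunks. In both hunks (generate() and load_text()) the `DNS_MASTER_SLAVE` exemption from the meta-type check is left unexplained; presumably a slave zone's dumped contents must reload regardless of type, but the rationale should be stated next to the condition, e.g. `/* Slave zones are exempt: their contents came by transfer, not from a hand-edited file. */` — confirm before adopting that wording. Both generate() and load_text() begin outside their hunks.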