for rkey flags MUST be zero

(cherry picked from commit 82d4931440d244df52f23a37412bd8d96d7be206)

diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh
index a4cf7c1c3e5bad49f74655bb92d805f029b2c16e..d2cfb9f4fffa05c51408e600966c096bc4322b85 100644 (file)
--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@@ -337,7 +337,7 @@ ninfo14                     NINFO   "foo\;"
 ninfo15                        NINFO   "bar\\;"
 
 ; type 57
-rkey01                 RKEY    512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+rkey01                 RKEY    0 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
                                9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
                                sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
                                a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )

diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good
index 7e4acf5c4ab6124600a02aaf10881d045fb2a0f5..780b9e712cb0042eaae7c210ecf386c2cd45245c 100644 (file)
--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@@ -121,7 +121,7 @@ openpgpkey.example. 3600    IN      OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.         3600    IN      PTR     example.
 px01.example.          3600    IN      PX      65535 foo. bar.
 px02.example.          3600    IN      PX      65535 . .
-rkey01.example.                3600    IN      RKEY    512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+rkey01.example.                3600    IN      RKEY    0 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.          3600    IN      RP      mbox-dname.example. txt-dname.example.
 rp02.example.          3600    IN      RP      . .
 rt01.example.          3600    IN      RT      0 intermediate-host.example.

diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good
index 6d01d35d680ada35af78c3ee76103f9e3885a8fa..3a32309bc23052c74ada39cdc4c47c9e22193d1a 100644 (file)
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@@ -121,7 +121,7 @@ openpgpkey.example. 3600    IN      OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.         3600    IN      PTR     example.
 px01.example.          3600    IN      PX      65535 foo. bar.
 px02.example.          3600    IN      PX      65535 . .
-rkey01.example.                3600    IN      RKEY    512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+rkey01.example.                3600    IN      RKEY    0 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.          3600    IN      RP      mbox-dname.example. txt-dname.example.
 rp02.example.          3600    IN      RP      . .
 rt01.example.          3600    IN      RT      0 intermediate-host.example.

diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index 77f8bf7a3d76b39e9fba7d6b4e9367a2760bb5f4..92f679d70651d596739ebc70fb8965cb338bde0d 100644 (file)
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -59,6 +59,9 @@ generic_fromtext_key(ARGS_FROMTEXT) {
        RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
                                      false));
        RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
+       if (type == dns_rdatatype_rkey && flags != 0U) {
+               RETTOK(DNS_R_FORMERR);
+       }
        RETERR(uint16_tobuffer(flags, target));
 
        /* protocol */
@@ -206,6 +209,10 @@ generic_fromwire_key(ARGS_FROMWIRE) {
        }
        flags = (sr.base[0] << 8) | sr.base[1];
 
+       if (type == dns_rdatatype_rkey && flags != 0U) {
+               return (DNS_R_FORMERR);
+       }
+
        algorithm = sr.base[3];
        RETERR(mem_tobuffer(target, sr.base, 4));
        isc_region_consume(&sr, 4);
@@ -308,6 +315,10 @@ generic_fromstruct_key(ARGS_FROMSTRUCT) {
        UNUSED(type);
        UNUSED(rdclass);
 
+       if (type == dns_rdatatype_rkey) {
+               INSIST(key->flags == 0U);
+       }
+
        /* Flags */
        RETERR(uint16_tobuffer(key->flags, target));
 

diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c
index ad4f14c0af6e1fc93e45d875f2f78f84d9bf1163..053f5994a33fcdaa969a0351d3e56306a795aaf7 100644 (file)
--- a/lib/dns/tests/rdata_test.c
+++ b/lib/dns/tests/rdata_test.c
@@ -1593,7 +1593,39 @@ nxt(void **state) {
 
 static void
 rkey(void **state) {
+       text_ok_t text_ok[] = {
+               /*
+                * Valid, flags set to 0 and a key is present.
+                */
+               TEXT_VALID("0 0 0 aaaa"),
+               /*
+                * Invalid, non-zero flags.
+                */
+               TEXT_INVALID("1 0 0 aaaa"),
+               TEXT_INVALID("65535 0 0 aaaa"),
+               /*
+                * Sentinel.
+                */
+               TEXT_SENTINEL()
+       };
+       wire_ok_t wire_ok[] = {
+               /*
+                * Valid, flags set to 0 and a key is present.
+                */
+               WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+               /*
+                * Invalid, non-zero flags.
+                */
+               WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+               WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00),
+               /*
+                * Sentinel.
+                */
+               WIRE_SENTINEL()
+       };
        key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+       check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+                   dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
 }
 
 /*