From: Mark Andrews <marka@isc.org>
Date: Sun, 24 Mar 2019 06:48:22 +0000 (+1100)
Subject: for rkey flags MUST be zero
X-Git-Tag: v9.15.0~55^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=82d4931440d244df52f23a37412bd8d96d7be206;p=thirdparty%2Fbind9.git

for rkey flags MUST be zero
---

diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh
index a4cf7c1c3e5..d2cfb9f4fff 100644
--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@@ -337,7 +337,7 @@ ninfo14			NINFO	"foo\;"
 ninfo15			NINFO	"bar\\;"
 
 ; type 57
-rkey01			RKEY	512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+rkey01			RKEY	0 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
 				9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
 				sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
 				a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good
index 7e4acf5c4ab..780b9e712cb 100644
--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@@ -121,7 +121,7 @@ openpgpkey.example.	3600	IN	OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.		3600	IN	PTR	example.
 px01.example.		3600	IN	PX	65535 foo. bar.
 px02.example.		3600	IN	PX	65535 . .
-rkey01.example.		3600	IN	RKEY	512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+rkey01.example.		3600	IN	RKEY	0 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.		3600	IN	RP	mbox-dname.example. txt-dname.example.
 rp02.example.		3600	IN	RP	. .
 rt01.example.		3600	IN	RT	0 intermediate-host.example.
diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good
index 6d01d35d680..3a32309bc23 100644
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@@ -121,7 +121,7 @@ openpgpkey.example.	3600	IN	OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.		3600	IN	PTR	example.
 px01.example.		3600	IN	PX	65535 foo. bar.
 px02.example.		3600	IN	PX	65535 . .
-rkey01.example.		3600	IN	RKEY	512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
+rkey01.example.		3600	IN	RKEY	0 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.		3600	IN	RP	mbox-dname.example. txt-dname.example.
 rp02.example.		3600	IN	RP	. .
 rt01.example.		3600	IN	RT	0 intermediate-host.example.
diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index 186351282e6..0cc8b96c506 100644
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -58,6 +58,9 @@ generic_fromtext_key(ARGS_FROMTEXT) {
 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
 				      false));
 	RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
+	if (type == dns_rdatatype_rkey && flags != 0U) {
+		RETTOK(DNS_R_FORMERR);
+	}
 	RETERR(uint16_tobuffer(flags, target));
 
 	/* protocol */
@@ -197,6 +200,10 @@ generic_fromwire_key(ARGS_FROMWIRE) {
 	}
 	flags = (sr.base[0] << 8) | sr.base[1];
 
+	if (type == dns_rdatatype_rkey && flags != 0U) {
+		return (DNS_R_FORMERR);
+	}
+
 	algorithm = sr.base[3];
 	RETERR(mem_tobuffer(target, sr.base, 4));
 	isc_region_consume(&sr, 4);
@@ -291,6 +298,10 @@ generic_fromstruct_key(ARGS_FROMSTRUCT) {
 	UNUSED(type);
 	UNUSED(rdclass);
 
+	if (type == dns_rdatatype_rkey) {
+		INSIST(key->flags == 0U);
+	}
+
 	/* Flags */
 	RETERR(uint16_tobuffer(key->flags, target));
 
diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c
index 856a09b6d83..f2a4679d9cd 100644
--- a/lib/dns/tests/rdata_test.c
+++ b/lib/dns/tests/rdata_test.c
@@ -1591,7 +1591,39 @@ nxt(void **state) {
 
 static void
 rkey(void **state) {
+	text_ok_t text_ok[] = {
+		/*
+		 * Valid, flags set to 0 and a key is present.
+		 */
+		TEXT_VALID("0 0 0 aaaa"),
+		/*
+		 * Invalid, non-zero flags.
+		 */
+		TEXT_INVALID("1 0 0 aaaa"),
+		TEXT_INVALID("65535 0 0 aaaa"),
+		/*
+		 * Sentinel.
+		 */
+		TEXT_SENTINEL()
+	};
+	wire_ok_t wire_ok[] = {
+		/*
+		 * Valid, flags set to 0 and a key is present.
+		 */
+		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+		/*
+		 * Invalid, non-zero flags.
+		 */
+		WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+		WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00),
+		/*
+		 * Sentinel.
+		 */
+		WIRE_SENTINEL()
+	};
 	key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+	check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+		    dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
 }
 
 /*