- Fix parse of svcbparam ech, it had incorrect length. Thanks

  to Qifan Zhang, Palo Alto Networks for the report.

diff --git a/doc/Changelog b/doc/Changelog
index a21d132b6e78dd1e2e17787af315ccbe285d2fc0..a236bf12a2486f6a79909e1daffebf6857a9c8c5 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -9,6 +9,8 @@
        - Fix negative cache to work with NSEC3 records without salt.
          Thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern
          Polytechnical University, for the report.
+       - Fix parse of svcbparam ech, it had incorrect length. Thanks
+         to Qifan Zhang, Palo Alto Networks for the report.
 
 3 June 2026: Yorgos
        - Fix const as reported by newest compiler warnings.

diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index f299b7c9cc5337b8b3b743ce20dc2df2bc16a0b0..50a71d39798711db531f827d0b55593ad848201a 100644 (file)
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -1410,6 +1410,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len)
                        return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
                sldns_write_uint16(rd, SVCB_KEY_ECH);
                sldns_write_uint16(rd + 2, 0);
+               *rd_len = 4;
 
                return LDNS_WIREPARSE_ERR_OK;
        }

diff --git a/testcode/unitldns.c b/testcode/unitldns.c
index 07d001a792e1a24a3c1f112a0beac921384e3a1f..003fcec7d6e0a6bbf73486177f54e63fdcfbd85c 100644 (file)
--- a/testcode/unitldns.c
+++ b/testcode/unitldns.c
@@ -279,10 +279,24 @@ b64_test(void)
        unit_assert(result == -1);
 }
 
+/** test SVCB ech svcparam */
+static void
+svcb_ech_test(void)
+{
+       uint8_t rr[LDNS_RR_BUF_SIZE];
+       size_t rr_len = sizeof(rr), dname_len = 0;
+       int e = sldns_str2wire_rr_buf("x. 300 IN HTTPS 1 . ech=0",
+               rr, &rr_len, &dname_len, 300, NULL, 0, NULL, 0);
+       unit_assert(e == LDNS_WIREPARSE_ERR_OK);
+       unit_assert(rr_len == dname_len + 10 /* type,class,ttl,rdatalen */ + 7 /* rdata */);
+       unit_assert(sldns_read_uint16(rr + dname_len + 8 /* rdlen */) == 7);
+}
+
 void
 ldns_test(void)
 {
        unit_show_feature("sldns");
        rr_tests();
        b64_test();
+       svcb_ech_test();
 }

diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone
index c3d015ec0f036770bd32f0765b3b214f9bf0d5f1..50cf1f3c9575e7a6c8549a2fd30809da951b6da6 100644 (file)
--- a/testdata/svcb.tdir/svcb.success-cases.zone
+++ b/testdata/svcb.tdir/svcb.success-cases.zone
@@ -59,3 +59,7 @@ _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/dns-query{?dns}"
 _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcd}{!abcd}{?dns}
 _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcdabcd?dns?defedf}
 _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-queryéè{?dns}
+
+; The ech=0 convenience entry for empty ech list
+echempty SVCB 0 . ech=0
+echempty SVCB 0 h2. ech

diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp
index 3a42393baa1724962dbb599165ce756ec71c0d9f..fc84d601e3797f842ac25106ae49f1128b032aa4 100644 (file)
--- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp
+++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp
@@ -16,3 +16,5 @@ _dns.doh.example.     7200    IN      SVCB    1 doh.example. alpn="h2" dohpath="/dns-query{?dns
 _dns.doh.example.      7200    IN      SVCB    1 doh.example. alpn="h2" dohpath="/dns-query{?abcd}{!abcd}{?dns}"
 _dns.doh.example.      7200    IN      SVCB    1 doh.example. alpn="h2" dohpath="/dns-query{?abcdabcd?dns?defedf}"
 _dns.doh.example.      7200    IN      SVCB    1 doh.example. alpn="h2" dohpath="/dns-query\195\169\195\168{?dns}"
+echempty.success-cases.        7200    IN      SVCB    0 . ech
+echempty.success-cases.        7200    IN      SVCB    0 h2. ech