From: W.C.A. Wijngaards Date: Wed, 3 Jun 2026 12:05:48 +0000 (+0200) Subject: - Fix parse of svcbparam ech, it had incorrect length. Thanks X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=d05eff4d544db39bc0bf7b3706e795d5cfa09788;p=thirdparty%2Funbound.git - Fix parse of svcbparam ech, it had incorrect length. Thanks to Qifan Zhang, Palo Alto Networks for the report. --- diff --git a/doc/Changelog b/doc/Changelog index a21d132b6..a236bf12a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -9,6 +9,8 @@ - Fix negative cache to work with NSEC3 records without salt. Thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern Polytechnical University, for the report. + - Fix parse of svcbparam ech, it had incorrect length. Thanks + to Qifan Zhang, Palo Alto Networks for the report. 3 June 2026: Yorgos - Fix const as reported by newest compiler warnings. diff --git a/sldns/str2wire.c b/sldns/str2wire.c index f299b7c9c..50a71d397 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1410,6 +1410,7 @@ sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; sldns_write_uint16(rd, SVCB_KEY_ECH); sldns_write_uint16(rd + 2, 0); + *rd_len = 4; return LDNS_WIREPARSE_ERR_OK; } diff --git a/testcode/unitldns.c b/testcode/unitldns.c index 07d001a79..003fcec7d 100644 --- a/testcode/unitldns.c +++ b/testcode/unitldns.c @@ -279,10 +279,24 @@ b64_test(void) unit_assert(result == -1); } +/** test SVCB ech svcparam */ +static void +svcb_ech_test(void) +{ + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t rr_len = sizeof(rr), dname_len = 0; + int e = sldns_str2wire_rr_buf("x. 300 IN HTTPS 1 . ech=0", + rr, &rr_len, &dname_len, 300, NULL, 0, NULL, 0); + unit_assert(e == LDNS_WIREPARSE_ERR_OK); + unit_assert(rr_len == dname_len + 10 /* type,class,ttl,rdatalen */ + 7 /* rdata */); + unit_assert(sldns_read_uint16(rr + dname_len + 8 /* rdlen */) == 7); +} + void ldns_test(void) { unit_show_feature("sldns"); rr_tests(); b64_test(); + svcb_ech_test(); } diff --git a/testdata/svcb.tdir/svcb.success-cases.zone b/testdata/svcb.tdir/svcb.success-cases.zone index c3d015ec0..50cf1f3c9 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone +++ b/testdata/svcb.tdir/svcb.success-cases.zone @@ -59,3 +59,7 @@ _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/dns-query{?dns}" _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcd}{!abcd}{?dns} _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcdabcd?dns?defedf} _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-queryéè{?dns} + +; The ech=0 convenience entry for empty ech list +echempty SVCB 0 . ech=0 +echempty SVCB 0 h2. ech diff --git a/testdata/svcb.tdir/svcb.success-cases.zone.cmp b/testdata/svcb.tdir/svcb.success-cases.zone.cmp index 3a42393ba..fc84d601e 100644 --- a/testdata/svcb.tdir/svcb.success-cases.zone.cmp +++ b/testdata/svcb.tdir/svcb.success-cases.zone.cmp @@ -16,3 +16,5 @@ _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?dns _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcd}{!abcd}{?dns}" _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query{?abcdabcd?dns?defedf}" _dns.doh.example. 7200 IN SVCB 1 doh.example. alpn="h2" dohpath="/dns-query\195\169\195\168{?dns}" +echempty.success-cases. 7200 IN SVCB 0 . ech +echempty.success-cases. 7200 IN SVCB 0 h2. ech