Merge branch '3158-only-set-foundname-on-success-test' into 'main'

[CVE-2022-0635] Add regression test

Closes #3158

See merge request isc-projects/bind9!6060
Michal Nowak
2022-04-05 09:02:09 +00:00
2 changed files with 23 additions and 1 deletions


@@ -10,7 +10,8 @@
; information regarding copyright ownership.
$TTL 3600
@ SOA ns1 hostmaster 1 3600 1200 604800 3600
@ SOA ns1 hostmaster 1 3600 1200 604800 5
@ NS ns1
ns1 A 10.53.0.1
a A 10.53.0.1
dname DNAME example.
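Review bot: The SOA minimum on the second SOA line is 5, and nothing in the zone explains why such a short value is needed. The page prints the SOA record twice (minimum 3600, then 5) without +/- markers, so I am assuming 5 is the new value. The `sleep 6` in the added test looks tied to it, presumably because the TTL of the cached NSEC follows this field. A comment above the record, such as `; SOA minimum is 5 so the CVE-2022-0635 test can outwait the cached NSEC (sleep 6)`, would keep a later cleanup from restoring 3600, after which the regression test would likely still pass without reaching the expired-NSEC case.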


@@ -850,5 +850,26 @@ n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo_i "regression test for CVE-2022-0635 ($n)"
ret=0
# add DNAME to cache
dig_with_opts dname.dnamed. dname @10.53.0.5 > dig.out.ns5-1.test$n || ret=1
grep "status: NOERROR" dig.out.ns5-1.test$n >/dev/null || ret=1
# add A record to cache at name before DNAME owner
dig_with_opts a.dnamed. a @10.53.0.5 > dig.out.ns5-2.test$n || ret=1
grep "status: NOERROR" dig.out.ns5-2.test$n >/dev/null || ret=1
# add NSEC record to cache at name before DNAME owner
dig_with_opts a.dnamed. aaaa @10.53.0.5 > dig.out.ns5-3.test$n || ret=1
grep "status: NOERROR" dig.out.ns5-3.test$n >/dev/null || ret=1
# wait for NSEC to timeout
sleep 6
# use DNAME for lookup
dig_with_opts b.dname.dnamed a @10.53.0.5 > dig.out.ns5-4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns5-4.test$n >/dev/null || ret=1
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
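Review bot: The third query (`a.dnamed. aaaa`, under the comment "add NSEC record to cache") is only checked for `status: NOERROR`, so the test never confirms that an NSEC record actually came back. If the zone stops being signed, or `dig_with_opts` (defined outside this hunk) does not request DNSSEC records, every step still passes while the CVE-2022-0635 code path is no longer exercised. A check along the lines of `grep "NSEC" dig.out.ns5-3.test$n >/dev/null || ret=1` after that query would make the precondition explicit. Separately, `b.dname.dnamed` in the last query lacks the trailing dot the other three names carry; writing `b.dname.dnamed.` would keep the lookups consistent and fully qualified.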