From b2f2fed65b343084f4d54b454ec4a203448b8e09 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Wed, 17 Aug 2022 13:19:32 +0300 Subject: [PATCH 1/4] DIG: fix handling of +http-plain-{get, post} options Support for parsing +http-plain-get and +http-plain-post options was broken. This commit fixes that. --- bin/dig/dig.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 5452ec8e0e..2142f9696a 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1552,12 +1552,12 @@ plus_option(char *option, bool is_batchfile, bool *need_clone, FULLCHECK("http-plain"); break; case '-': - switch (cmd[6]) { + switch (cmd[11]) { case 'p': - FULLCHECK("https-plain-post"); + FULLCHECK("http-plain-post"); break; case 'g': - FULLCHECK("https-plain-get"); + FULLCHECK("http-plain-get"); lookup->https_get = true; break; } From bd29705a9f66810bd6cc079a2e444f36a95632fc Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Wed, 17 Aug 2022 17:35:28 +0300 Subject: [PATCH 2/4] DIG: mark HTTP GET method in output This commit makes dig mark the usage of HTTP(S) GET protocol usage in its output. --- bin/dig/dig.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 2142f9696a..04ca4001c7 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -359,9 +359,11 @@ received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) { proto = "TLS"; } else if (query->lookup->https_mode) { if (query->lookup->http_plain) { - proto = "HTTP"; + proto = query->lookup->https_get ? "HTTP-GET" + : "HTTP"; } else { - proto = "HTTPS"; + proto = query->lookup->https_get ? "HTTPS-GET" + : "HTTPS"; } } else if (query->lookup->tcp_mode) { proto = "TCP"; From 0c6b1f8e8f686e5c25ea4de67e21c7ec4faf1856 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Wed, 17 Aug 2022 17:36:50 +0300 Subject: [PATCH 3/4] Modify the doth system test to verify HTTP method usage Before the commit some checks in the system test would try to verify that different HTTP methods can be used and are functional. However, until recently, it was not possible to tell from the output which method was in fact used, so it turned out that +http-plain-get option is broken. This commit add the additional checks to prevent that from happening in the future. --- bin/tests/system/doth/tests.sh | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh index 35f6799814..920d6af214 100644 --- a/bin/tests/system/doth/tests.sh +++ b/bin/tests/system/doth/tests.sh @@ -344,16 +344,18 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query (POST) ($n)" ret=0 -dig_with_https_opts @10.53.0.1 . SOA > dig.out.test$n +dig_with_https_opts +stat @10.53.0.1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query via IPv6 (POST) ($n)" ret=0 -dig_with_https_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_https_opts +stat -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -416,16 +418,18 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query (GET) ($n)" ret=0 -dig_with_https_opts +https-get @10.53.0.1 . SOA > dig.out.test$n +dig_with_https_opts +stat +https-get @10.53.0.1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query via IPv6 (GET) ($n)" ret=0 -dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_https_opts -6 +stat +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -488,32 +492,36 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking unencrypted DoH query (POST) ($n)" ret=0 -dig_with_http_opts @10.53.0.1 . SOA > dig.out.test$n +dig_with_http_opts +stat @10.53.0.1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) echo_i "checking unencrypted DoH query via IPv6 (POST) ($n)" ret=0 -dig_with_http_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_http_opts -6 +stat @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) echo_i "checking unencrypted DoH query (GET) ($n)" ret=0 -dig_with_http_opts +http-plain-get @10.53.0.1 . SOA > dig.out.test$n +dig_with_http_opts +stat +http-plain-get @10.53.0.1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) n=$((n + 1)) echo_i "checking unencrypted DoH query via IPv6 (GET) ($n)" ret=0 -dig_with_http_opts -6 +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_http_opts -6 +stat +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) From 26a66d095ca9815a6c5587948166f03d0e74d828 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Wed, 17 Aug 2022 13:34:52 +0300 Subject: [PATCH 4/4] Modify CHANGES (+http-plain-{get, post} support fix in dig) This commit modifies the CHANGES file to mention that +http-plain-get and +http-plain-post options support in dig was fixed. --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index b4ab7c6af5..27471917d1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5944. [bug] Fix +http-plain-get and +http-plain-post options + support in dig. Thanks to Marco Davids at SIDN for + reporting the problem. [GL !6672] + 5943. [placeholder] 5942. [bug] Fix tkey.c:buildquery() function's error handling by