From 0cf72a941470b64f394cc98733c5e7cff0ef048e Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 11 Mar 2020 15:15:08 +1100
Subject: [PATCH] Check that dig/host/nslookup handle a UPDATE response.
Additionally check that "delete $qname SOA" in the update reponse doesn't trigger a insertion in nslookup.
(cherry picked from commit 6593cf0b5a0f1e5064f5a0d59323968b55c2cf1b)
---
 bin/tests/system/conf.sh.in | 1 +
 bin/tests/system/digdelv/ans7/ans.pl | 66 ++++++++++++++++++++++++++++
 bin/tests/system/digdelv/clean.sh | 2 +
 bin/tests/system/digdelv/tests.sh | 48 ++++++++++++++++++++
 util/copyrights | 1 +
 5 files changed, 118 insertions(+)
 create mode 100755 bin/tests/system/digdelv/ans7/ans.pl
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 0d83fdfb9c..2317bd8544 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -39,6 +39,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
 DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
 FEATURETEST=$TOP/bin/tests/system/feature-test
 FSTRM_CAPTURE=@FSTRM_CAPTURE@
+HOST=$TOP/bin/dig/host
 IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
 JOURNALPRINT=$TOP/bin/tools/named-journalprint
 KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
diff --git a/bin/tests/system/digdelv/ans7/ans.pl b/bin/tests/system/digdelv/ans7/ans.pl
new file mode 100755
index 0000000000..934c345898
--- /dev/null
+++ b/bin/tests/system/digdelv/ans7/ans.pl
@@ -0,0 +1,66 @@
+#!/usr/bin/perl -w
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+use IO::File;
+use IO::Socket;
+use Net::DNS;
+use Net::DNS::Packet;
+
+my $localport = int($ENV{'PORT'});
+if (!$localport) { $localport = 5300; }
+
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.7",
+ LocalPort => $localport, Proto => "udp") or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+STDOUT->autoflush(1);
+
+print "Net::DNS::VERSION => $Net::DNS::VERSION\n";
+
+for (;;) {
+ $sock->recv($buf, 512);
+
+ print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
+
+ my $packet;
+
+ if ($Net::DNS::VERSION > 0.68) {
+ $packet = new Net::DNS::Packet(\$buf, 0);
+ $@ and die $@;
+ } else {
+ my $err;
+ ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
+ $err and die $err;
+ }
+
+ print "REQUEST:\n";
+ $packet->print;
+
+ $packet->header->qr(1);
+ $packet->header->opcode(5);
+
+ my @questions = $packet->question;
+ my $qname = $questions[0]->qname;
+ my $qtype = $questions[0]->qtype;
+ $packet->push("update", rr_del("$qname SOA"));
+
+ print "RESPONSE:\n";
+ $packet->print;
+
+ $sock->send($packet->data);
+}
diff --git a/bin/tests/system/digdelv/clean.sh b/bin/tests/system/digdelv/clean.sh
index 10fc6d001a..f895977f29 100644
--- a/bin/tests/system/digdelv/clean.sh
+++ b/bin/tests/system/digdelv/clean.sh
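Review bot: In ans7/ans.pl the receive loop ends the whole answer server on the first datagram it cannot use: both `die` calls after `new Net::DNS::Packet(\$buf, 0)` and the unguarded `$questions[0]->qname` (a method call on undef when the question section is empty) terminate the process, and because `rmpid` is installed only for INT and TERM, `ans.pid` is left behind. Since the socket parses whatever reaches 10.53.0.7, I would log and skip instead, e.g. `if ($@) { print "unparseable request: $@\n"; next; }` (likewise for `$err`) and `@questions or next;` before the qname lookup. The return value of `$sock->recv($buf, 512)` is not checked either, `$buf` is an undeclared package global and `$qtype` is never used; adding `use strict;` and `my $buf;` would surface slips of that kind.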
@@ -20,6 +20,8 @@ rm -f ./dig.out.mm.*
 rm -f ./dig.out.mn.*
 rm -f ./dig.out.nm.*
 rm -f ./dig.out.nn.*
+rm -f ./host.out.test*
+rm -f ./nslookup.out.test*
 rm -f ./ns*/named.lock
 rm -f ./ns*/managed-keys.bind*
 rm -f ./ns2/example.db ./ns2/K* ./ns2/keyid ./ns2/keydata
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 99578a9cb8..13950f9111 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -67,8 +67,56 @@ if [ -n "$PYTHON" ] ; then $PYTHON -c "import yaml" 2> /dev/null && HAS_PYYAML=1 fi +# +# test whether ans7/ans.pl will be able to send a UPDATE response. +# if it can't, we will log that below. +# +if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet; my $p = new Net::DNS::Packet; $p->header->opcode(5);' > /dev/null 2>&1 +then + checkupdate=1 +else + checkupdate=0 +fi + +if [ -x "$NSLOOKUP" -a $checkupdate -eq 1 ] ; then + + n=$((n+1)) + echo_i "check nslookup handles UPDATE response ($n)" + ret=0 + "$NSLOOKUP" -q=CNAME "-port=$PORT" foo.bar 10.53.0.7 > nslookup.out.test$n 2>&1 && ret=1 + grep "Opcode mismatch" nslookup.out.test$n > /dev/null || ret=1 + if [ $ret -ne 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + +fi + +if [ -x "$HOST" -a $checkupdate -eq 1 ] ; then + + n=$((n+1)) + echo_i "check host handles UPDATE response ($n)" + ret=0 + "$HOST" -t CNAME -p $PORT foo.bar 10.53.0.7 > host.out.test$n 2>&1 && ret=1 + grep "Opcode mismatch" host.out.test$n > /dev/null || ret=1 + if [ $ret -ne 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + +fi + if [ -x "$DIG" ] ; then + if [ $checkupdate -eq 1 ] ; then + + n=$((n+1)) + echo_i "check dig handles UPDATE response ($n)" + ret=0 + dig_with_opts @10.53.0.7 cname foo.bar > dig.out.test$n 2>&1 && ret=1 + grep "Opcode mismatch" dig.out.test$n > /dev/null || ret=1 + if [ $ret -ne 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + else + echo_i "Skipped UPDATE handling test" + fi + n=$((n+1)) echo_i "checking dig short form works ($n)" ret=0 diff --git a/util/copyrights b/util/copyrights index d64222516f..2ba6c60df8 100644 --- a/util/copyrights +++ b/util/copyrights 
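Review bot: In tests.sh the nslookup and host checks are skipped without any log line when `$checkupdate` is 0 or the binary is not executable; only the dig branch prints "Skipped UPDATE handling test", so a host without a usable Net::DNS silently loses two of the three UPDATE-response checks. Each of the two new `if [ -x ... -a $checkupdate -eq 1 ]` blocks should get an `else` branch with `echo_i "Skipped nslookup UPDATE handling test"` (and the host equivalent). Separately, each check passes on any non-zero exit status plus the "Opcode mismatch" string, so a tool that printed the message and then aborted would presumably still pass; also grepping the output for an assertion-failure message would tighten the check. The `if [ -x "$DIG" ]` block that this hunk extends continues past the end of the hunk.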
@@ -493,6 +493,7 @@
 ./bin/tests/system/digdelv/ans4/startme X 2017,2018,2019,2020
 ./bin/tests/system/digdelv/ans5/ans.pl PERL 2019,2020
 ./bin/tests/system/digdelv/ans6/ans.pl PERL 2019,2020
+./bin/tests/system/digdelv/ans7/ans.pl PERL 2020
 ./bin/tests/system/digdelv/clean.sh SH 2015,2016,2018,2019,2020
 ./bin/tests/system/digdelv/ns2/sign.sh SH 2018,2019,2020
 ./bin/tests/system/digdelv/prereq.sh SH 2018,2019,2020