3100. [security] Certain response policy zone configurations could

trigger an INSIST when receiving a query of type
			RRSIG. [RT #24280]

bin/tests/system/rpz/tests.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.3 2011/01/13 04:59:24 tbox Exp $
+# $Id: tests.sh,v 1.4 2011/04/27 17:46:47 each Exp $
 
 # test response policy zones (RPZ)
 
@@ -215,6 +215,38 @@ if grep CNAME $DIGNM >/dev/null; then : ; else
 fi
 end_test
 
+ret=0
+echo "I:checking RRSIG queries"
+# We don't actually care about the query results; the important
+# thing is the server handles RRSIG queries okay
+$DIGCMD a3-1.tld2 -trrsig @$s3 > /dev/null 2>&1
+$DIGCMD a3-2.tld2 -trrsig @$s3 > /dev/null 2>&1
+$DIGCMD a3-5.tld2 -trrsig @$s3 > /dev/null 2>&1
+$DIGCMD www.redirect -trrsig @$s3 > /dev/null 2>&1
+
+$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then
+    echo "I:failed";
+    (cd ..; $PERL start.pl --noclean --restart rpz ns3)
+fi
+status=`expr $status + $ret`
+
+ret=0
+echo "I:checking SIG queries"
+# We don't actually care about the query results; the important
+# thing is the server handles SIG queries okay
+$DIGCMD a3-1.tld2 -tsig @$s3 > /dev/null 2>&1
+$DIGCMD a3-2.tld2 -tsig @$s3 > /dev/null 2>&1
+$DIGCMD a3-5.tld2 -tsig @$s3 > /dev/null 2>&1
+$DIGCMD www.redirect -tsig @$s3 > /dev/null 2>&1
+
+$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then
+    echo "I:failed";
+    (cd ..; $PERL start.pl --noclean --restart rpz ns3)
+fi
+status=`expr $status + $ret`
+
 if test "$status" -eq 0; then
     rm -f dig.out*
 fi