ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Don't permit loading meta RR types such as TKEY from master files (#47009)

Browse Source
This commit is contained in:
Mukund Sivaraman
2018-01-22 14:26:04 +05:30
parent 63d0c6a3fc
commit 8a4ce20172
8 changed files with 97 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
bin/tests/system/checkzone/zones/bad-generate-tkey.db Normal file
View File

@@ -0,0 +1,12 @@
; Copyright (C) 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
$GENERATE 0-7 tkey$ TKEY "invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw=="

12
bin/tests/system/checkzone/zones/bad-tkey.db Normal file
View File

@@ -0,0 +1,12 @@
; Copyright (C) 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
tkey TKEY invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==

12
bin/tests/system/checkzone/zones/bad-tsig.db Normal file
View File

@@ -0,0 +1,12 @@
; Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
$TTL 600
@ SOA ns hostmaster 2011012708 3600 1200 604800 1200
NS ns
ns A 192.0.2.1
tsig TSIG hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0

12
bin/tests/system/nsupdate/tests.sh
View File

@@ -886,6 +886,18 @@ END
grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
ret=0
echo "I:check that TKEY in a update is rejected ($n)"
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
server 10.53.0.3 5300
update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
send
END
grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
#
# Add client library tests here
#