Merge branch '254-invalid-rpz-prefix-length-log-message-improperly-displays-the-prefix-labels-not-length' into 'master'

Resolve ""invalid RPZ prefix length" log message improperly displays the prefix labels, not length"

Closes #254

See merge request isc-projects/bind9!270

CHANGES

@@ -1,3 +1,6 @@
+4976.	[bug]		Log the label with invalid prefix length correctly
+			when loading RPZ zones. [GL #254]
+
 4975.	[bug]		The server cookie computation for sha1 and sha256 did
 			not match the method described in RFC 7873. [GL #356]
 

bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength

@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+     NS ns
+ns A 127.0.0.1
+1000.4.0.53.10.rpz-client-ip A 10.53.0.1

bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf

@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+    zone "." {
+	type hint;
+	file "root.hint";
+    };
+
+    # policy configuration to be tested
+    response-policy {
+	zone "invalidprefixlength";
+    };
+
+    # policy zones to be tested
+    zone "invalidprefixlength" { type master; file "db.invalidprefixlength"; };
+};

bin/tests/system/rpzrecurse/tests.sh

@@ -476,6 +476,16 @@ do
     status=1
   }
 
+  # Check for invalid prefix length error
+  t=`expr $t + 1`
+  echo_i "testing for invalid prefix length error (${t})"
+  add_test_marker 10.53.0.2
+  run_server invalidprefixlength
+  grep "invalid rpz IP address \"1000.4.0.53.10.rpz-client-ip.invalidprefixlength\"; invalid prefix length of 1000$" ns2/named.run > /dev/null || {
+    echo_i " failed: expected that invalid prefix length error would be logged"
+    status=1
+  }
+
   t=`expr $t + 1`
   echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)"
   add_test_marker 10.53.0.2

lib/dns/rpz.c

@@ -849,6 +849,11 @@ name2ipkey(int log_level,
 			"; invalid leading prefix length", "");
 		return (ISC_R_FAILURE);
 	}
+	/*
+	 * Patch in trailing nul character to print just the length
+	 * label (for various cases below).
+	 */
+	*cp2 = '\0';
 	if (prefix_num < 1U || prefix_num > 128U) {
 		badname(log_level, src_name,
 			"; invalid prefix length of ", prefix_str);

util/copyrights

@@ -1912,6 +1912,7 @@
 ./bin/tests/system/rpzrecurse/ns2/db.clientip1	ZONE	2015,2016,2018
 ./bin/tests/system/rpzrecurse/ns2/db.clientip2	ZONE	2015,2016,2018
 ./bin/tests/system/rpzrecurse/ns2/db.clientip21	ZONE	2016,2018
+./bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength	ZONE	2018
 ./bin/tests/system/rpzrecurse/ns2/db.log1	ZONE	2015,2016,2018
 ./bin/tests/system/rpzrecurse/ns2/db.log2	ZONE	2015,2016,2018
 ./bin/tests/system/rpzrecurse/ns2/db.log3	ZONE	2015,2016,2018
@@ -1923,6 +1924,7 @@
 ./bin/tests/system/rpzrecurse/ns2/named.clientip2.conf	CONF-C	2016,2017,2018
 ./bin/tests/system/rpzrecurse/ns2/named.conf.header.in	CONF-C	2015,2016,2017,2018
 ./bin/tests/system/rpzrecurse/ns2/named.default.conf	CONF-C	2015,2016,2018
+./bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf	CONF-C	2018
 ./bin/tests/system/rpzrecurse/ns2/named.log.conf	CONF-C	2015,2016,2017,2018
 ./bin/tests/system/rpzrecurse/ns2/named.max.conf	CONF-C	2018
 ./bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf	CONF-C	2015,2016,2017,2018