From ba445afb4fcc172e002b6941712028ded77f5e15 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Thu, 19 Mar 2020 12:26:37 +1100
Subject: [PATCH] Check that bad message id's are caught by named

---
 bin/tests/system/ans.pl | 12 +++++++++++-
 bin/tests/system/xfer/ans5/badmessageid | 10 ++++++++++
 bin/tests/system/xfer/clean.sh | 26 ++++++++++++-------------
 bin/tests/system/xfer/tests.sh | 22 +++++++++++++++++++++
 util/copyrights | 1 +
 5 files changed, 57 insertions(+), 14 deletions(-)
 create mode 100644 bin/tests/system/xfer/ans5/badmessageid

diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl
index d7f9f63cfa..9d77eb4575 100644
--- a/bin/tests/system/ans.pl
+++ b/bin/tests/system/ans.pl
@@ -62,6 +62,11 @@
 # Note that this data will still be sent with any request for
 # pattern, only this data will be signed. Currently, this is only
 # done for TCP.
+#
+# /pattern bad-id /
+# /pattern bad-id/
+#
+# will add 50 to the message id of the response.

 use IO::File;

@@ -361,7 +366,7 @@ sub handleTCP {
 my $r;
 foreach $r (@rules) {
 my $pattern = $r->{pattern};
- my($dbtype, $key_name, $key_data) = split(/ /,$pattern);
+ my($dbtype, $key_name, $key_data, $extra) = split(/ /,$pattern);
 print "[handleTCP] $dbtype, $key_name, $key_data \n";
 if ("$qname $qtype" =~ /$dbtype/) {
 $count_these++;
@@ -369,6 +374,11 @@ sub handleTCP {
 foreach $a (@{$r->{answer}}) {
 $packet->push("answer", $a);
 }
+ if(defined($key_name) && $key_name eq "bad-id") {
+ $packet->header->id(($id+50)%0xffff);
+ $key_name = $key_data;
+ $key_data = $extra;
+ }
 if (defined($key_name) && defined($key_data)) {
 my $tsig;
 # sign the packet
diff --git a/bin/tests/system/xfer/ans5/badmessageid b/bin/tests/system/xfer/ans5/badmessageid
new file mode 100644
index 0000000000..e0dc04168b
--- /dev/null
+++ b/bin/tests/system/xfer/ans5/badmessageid
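Review bot: The new comment documents `/pattern bad-id /` and `/pattern bad-id/` but not the form ans5/badmessageid actually uses, `/pattern bad-id key_name key_data/`, in which the key pair after the keyword still signs the response; that is only discoverable by reading handleTCP. It also does not say that the id change, like signing, is applied only for TCP in this patch (only handleTCP is touched; if handleUDP splits the pattern the same way, a bad-id rule reaching it would be read as a key named bad-id, which I cannot confirm from here). I would make the examples `# /pattern bad-id/` and `# /pattern bad-id key_name key_data/` and end with `# will add 50 to the message id of the response (TCP only); a key pair after the keyword signs the response as above.`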
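Review bot: `($id+50)%0xffff` is an off-by-one on the wrap: a DNS message id is 16 bits and wraps at 0x10000, so this modulus can never yield 65535 and maps an $id of 65485 to 0; the result still always differs from $id, so the test is not broken, but `$packet->header->id(($id + 50) & 0xffff);` says what is meant ($id is presumably the request id read earlier in handleTCP, which begins before this hunk). Because the swap leaves $key_name/$key_data populated, the altered-id message still goes through the TSIG signing below, so named is being asked to reject on id mismatch even though the signature verifies; that is the right test but deserves a line such as `# keep the key pair so the mis-numbered response is still correctly signed` so nobody "fixes" it. The `print "[handleTCP] ..."` line in the previous hunk runs before this swap and logs `bad-id, tsig_key` as key name/data, which misleads when reading ans.run; printing $extra as well, or moving the print after this block, would fix that. Style: the file writes `if (` with a space, this block writes `if(`.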
@@ -0,0 +1,10 @@
+/SOA tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+/AXFR tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
+/AXFR bad-id tsig_key LSAnCU+Z/
+nil. 300 NS ns.nil.
+nil. 300 TXT "bad message id"
+a.nil. 60 A 10.0.0.61
+/AXFR bad-id tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 1 300 300 604800 300
diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh
index e172922253..f6de806024 100644
--- a/bin/tests/system/xfer/clean.sh
+++ b/bin/tests/system/xfer/clean.sh
@@ -13,25 +13,25 @@
 # Clean up after zone transfer tests.
 #

-rm -f dig.out.*
+rm -f */ans.run
+rm -f */named.conf
+rm -f */named.memstats
+rm -f */named.run
+rm -f */named.run.prev
 rm -f axfr.out
-rm -f stats.*
-rm -f ns1/slave.db ns2/slave.db
+rm -f dig.out.*
+rm -f ns*/managed-keys.bind*
+rm -f ns*/named.lock
 rm -f ns1/edns-expire.db
+rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl
+rm -f ns1/slave.db ns2/slave.db
 rm -f ns2/example.db ns2/tsigzone.db ns2/example.db.jnl
+rm -f ns2/mapped.db
 rm -f ns3/example.bk ns3/xfer-stats.bk ns3/tsigzone.bk ns3/example.bk.jnl
+rm -f ns3/mapped.bk
 rm -f ns3/master.bk ns3/master.bk.jnl
 rm -f ns4/*.db ns4/*.jnl
 rm -f ns6/*.db ns6/*.bk ns6/*.jnl
 rm -f ns7/*.db ns7/*.bk ns7/*.jnl
 rm -f ns8/large.db ns8/small.db
-rm -f */named.conf
-rm -f */named.run
-rm -f */named.memstats
-rm -f */named.run
-rm -f */ans.run
-rm -f ns*/named.lock
-rm -f ns2/mapped.db
-rm -f ns3/mapped.bk
-rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl
-rm -f ns*/managed-keys.bind*
+rm -f stats.*
diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
index d0aaca6256..c88de9e679 100755
--- a/bin/tests/system/xfer/tests.sh
+++ b/bin/tests/system/xfer/tests.sh
@@ -384,6 +384,28 @@ $DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && {
 status=$((status+1))
 }

+n=$((n+1))
+echo_i "bad message id ($n)"
+
+$SENDCMD < ans5/badmessageid
+
+# Uncomment to see AXFR stream with mismatching IDs.
+# $DIG $DIGOPTS @10.53.0.5 -y tsig_key:LSAnCU+Z nil. AXFR +all
+
+$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i
+
+sleep 2
+
+nextpart ns4/named.run | grep "unexpected message id" > /dev/null || {
+ echo_i "failed: expected status was not logged"
+ status=$((status+1))
+}
+
+$DIGCMD nil. TXT | grep 'bad message id' >/dev/null && {
+ echo_i "failed"
+ status=$((status+1))
+}
+
 n=$((n+1))
 echo_i "check that we ask for and get a EDNS EXPIRE response ($n)"
 # force a refresh query
diff --git a/util/copyrights b/util/copyrights
index d176a9c783..1297eb8bd3 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1167,6 +1167,7 @@
 ./bin/tests/system/win32/pipequeries.vcxproj.in X 2016,2017,2018,2019,2020
 ./bin/tests/system/win32/pipequeries.vcxproj.user X 2016,2018,2019,2020
 ./bin/tests/system/xfer/ans5/badkeydata X 2011,2018,2019,2020
+./bin/tests/system/xfer/ans5/badmessageid X 2020
 ./bin/tests/system/xfer/ans5/goodaxfr X 2011,2018,2019,2020
 ./bin/tests/system/xfer/ans5/partial X 2011,2018,2019,2020
 ./bin/tests/system/xfer/ans5/unknownkey X 2011,2018,2019,2020
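Review bot: `sleep 2` followed by a single `nextpart ns4/named.run | grep "unexpected message id"` is a fixed-delay race: on a loaded runner ns4 may not have finished the retransfer and logged the line within two seconds, and the test then reports a spurious "expected status was not logged". A bounded poll is more robust and usually finishes sooner, since each nextpart call returns only the log lines not yet read; the rewrite is below. The second failure branch's bare `echo_i "failed"` should say what was observed, e.g. `echo_i "failed: TXT from bad-id transfer was served"`, to match the first branch.
```shell
# … unchanged: $SENDCMD and $RNDCCMD retransfer …
# Poll instead of a fixed sleep; each nextpart call yields only unread log lines.
ret=1
for try in 1 2 3 4 5 6 7 8 9 10; do
    nextpart ns4/named.run | grep "unexpected message id" > /dev/null && { ret=0; break; }
    sleep 1
done
if [ $ret -ne 0 ]; then
    echo_i "failed: expected status was not logged"
    status=$((status+1))
fi
# … unchanged: $DIGCMD nil. TXT check …
```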