look for name that generated 0FEH552TRKV2I9QUNQ8KQ23MFH2IJGAK

Use proper casting in socket unit test

Closes #710

See merge request isc-projects/bind9!1099

bin/delv/delv.c

@@ -765,7 +765,14 @@ setup_dnsseckeys(dns_client_t *client) {
 	if (dlv_validation)
 		dns_client_setdlv(client, dns_rdataclass_in, dlv_anchor);
 
+
  cleanup:
+	if (bindkeys != NULL) {
+		cfg_obj_destroy(parser, &bindkeys);
+	}
+	if (parser != NULL) {
+		cfg_parser_destroy(&parser);
+	}
 	if (result != ISC_R_SUCCESS)
 		delv_log(ISC_LOG_ERROR, "setup_dnsseckeys: %s",
 			  isc_result_totext(result));

lib/dns/zoneverify.c

@@ -45,11 +45,13 @@
 #include <isc/base32.h>
 #include <isc/buffer.h>
 #include <isc/heap.h>
+#include <isc/hex.h>
 #include <isc/iterated_hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
 #include <isc/region.h>
 #include <isc/result.h>
+#include <isc/string.h>
 #include <isc/types.h>
 #include <isc/util.h>
 
@@ -60,8 +62,8 @@ typedef struct vctx {
 	dns_dbversion_t *	ver;
 	dns_name_t *		origin;
 	dns_keytable_t *	secroots;
-	bool		goodksk;
-	bool		goodzsk;
+	bool			goodksk;
+	bool			goodzsk;
 	dns_rdataset_t		keyset;
 	dns_rdataset_t		keysigs;
 	dns_rdataset_t		soaset;
@@ -83,9 +85,9 @@ typedef struct vctx {
 } vctx_t;
 
 struct nsec3_chain_fixed {
-	uint8_t		hash;
-	uint8_t		salt_length;
-	uint8_t		next_length;
+	uint8_t			hash;
+	uint8_t			salt_length;
+	uint8_t			next_length;
 	uint16_t		iterations;
 	/*
 	 * The following non-fixed-length data is stored in memory after the
@@ -97,6 +99,14 @@ struct nsec3_chain_fixed {
 	 */
 };
 
+static unsigned char the_ndata[] = "\0400FEH552TRKV2I9QUNQ8KQ23MFH2IJGAK\002be";
+static unsigned char the_offsets[] = { 0, 33, 36 };
+static dns_name_t the_name = DNS_NAME_INITABSOLUTE(the_ndata, the_offsets);
+
+static unsigned char other_ndata[] = "\0400FEH552TRKV2I9QUNQ8KQ23MFH2IJGAK\002be";
+static unsigned char other_offsets[] = { 0, 33, 36 };
+static dns_name_t other_name = DNS_NAME_INITABSOLUTE(other_ndata, other_offsets);
+
 /*%
  * Log a zone verification error described by 'fmt' and the variable arguments
  * following it.  Either use dns_zone_logv() or print to stderr, depending on
@@ -481,6 +491,10 @@ match_nsec3(const vctx_t *vctx, const dns_name_t *name,
 	isc_result_t result;
 	unsigned int len;
 
+	if (dns_name_equal(&the_name, name)) {
+		fprintf(stderr, "match_nsec3\n");
+		fflush(stderr);
+	}
 	/*
 	 * Find matching NSEC3 record.
 	 */
@@ -618,6 +632,7 @@ record_found(const vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 	result = dns_db_findrdataset(vctx->db, node, vctx->ver,
 				     dns_rdatatype_nsec3, 0, 0, &rdataset,
 				     NULL);
+	if (dns_name_equal(&the_name, name)) fprintf(stderr, "dns_db_findrdataset->%s\n", dns_result_totext(result));
 	if (result != ISC_R_SUCCESS) {
 		return (ISC_R_SUCCESS);
 	}
@@ -626,6 +641,7 @@ record_found(const vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 	isc_region_consume(&hashlabel, 1);
 	isc_buffer_init(&b, owner, sizeof(owner));
 	result = isc_base32hex_decoderegion(&hashlabel, &b);
+	if (dns_name_equal(&the_name, name)) fprintf(stderr, "isc_base32hex_decoderegion->%s\n", dns_result_totext(result));
 	if (result != ISC_R_SUCCESS) {
 		result = ISC_R_SUCCESS;
 		goto cleanup;
@@ -647,6 +663,7 @@ record_found(const vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 		 * record.
 		 */
 		if (!innsec3params(&nsec3, nsec3paramset)) {
+			if (dns_name_equal(&the_name, name)) fprintf(stderr, "!innsec3params\n");
 			continue;
 		}
 
@@ -654,6 +671,7 @@ record_found(const vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 		 * Record chain.
 		 */
 		result = record_nsec3(vctx, owner, &nsec3, vctx->found_chains);
+	if (dns_name_equal(&the_name, name)) fprintf(stderr, "record_nsec3->%s\n", dns_result_totext(result));
 		if (result != ISC_R_SUCCESS) {
 			zoneverify_log_error(vctx, "record_nsec3(): %s",
 					     isc_result_totext(result));
@@ -698,6 +716,12 @@ isoptout(const vctx_t *vctx, const dns_rdata_t *nsec3rdata,
 
 	dns_rdataset_init(&rdataset);
 	hashname = dns_fixedname_name(&fixed);
+	if (dns_name_equal(&other_name, hashname)) {
+		char nb[DNS_NAME_FORMATSIZE];
+		dns_name_format(vctx->origin, nb, sizeof(nb));
+		fprintf(stderr, "othername from %s\n", nb);
+		fflush(stderr);
+	}
 	result = dns_db_findnsec3node(vctx->db, hashname, false, &node);
 	if (result == ISC_R_SUCCESS) {
 		result = dns_db_findrdataset(vctx->db, node, vctx->ver,
@@ -763,16 +787,13 @@ verifynsec3(const vctx_t *vctx, const dns_name_t *name,
 		return (ISC_R_SUCCESS);
 	}
 
-	result = isoptout(vctx, rdata, &optout);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
 
 	dns_fixedname_init(&fixed);
 	result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, name,
 				    vctx->origin, nsec3param.hash,
 				    nsec3param.iterations, nsec3param.salt,
 				    nsec3param.salt_length);
+	if (dns_name_equal(&the_name, name)) fprintf(stderr, "dns_nsec3_hashname->%s\n", dns_result_totext(result));
 	if (result != ISC_R_SUCCESS) {
 		zoneverify_log_error(vctx, "dns_nsec3_hashname(): %s",
 				     isc_result_totext(result));
@@ -787,6 +808,22 @@ verifynsec3(const vctx_t *vctx, const dns_name_t *name,
 	 */
 	dns_rdataset_init(&rdataset);
 	hashname = dns_fixedname_name(&fixed);
+	if (dns_name_equal(&other_name, hashname)) {
+		char nb[DNS_NAME_FORMATSIZE];
+		dns_name_format(name, nb, sizeof(nb));
+		fprintf(stderr, "othername from %s\n", nb);
+		fflush(stderr);
+	}
+	if (dns_name_equal(&the_name, hashname)) {
+		fprintf(stderr, "verifynsec3\n");
+		fflush(stderr);
+	}
+
+	result = isoptout(vctx, rdata, &optout);
+	if (result != ISC_R_SUCCESS) {
+		return (result);
+	}
+
 	result = dns_db_findnsec3node(vctx->db, hashname, false, &node);
 	if (result == ISC_R_SUCCESS) {
 		result = dns_db_findrdataset(vctx->db, node, vctx->ver,
@@ -979,6 +1016,11 @@ verifynode(vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 
 	REQUIRE(vresult != NULL || (nsecset == NULL && nsec3paramset == NULL));
 
+	if (dns_name_equal(&the_name, name)) {
+		fprintf(stderr, "verifynode\n");
+		fflush(stderr);
+	}
+
 	memset(types, 0, sizeof(types));
 	result = dns_db_allrdatasets(vctx->db, node, vctx->ver, 0, &rdsiter);
 	if (result != ISC_R_SUCCESS) {
@@ -1057,6 +1099,7 @@ verifynode(vctx_t *vctx, const dns_name_t *name, dns_dbnode_t *node,
 	{
 		result = verifynsec3s(vctx, name, nsec3paramset, delegation,
 				      false, types, maxtype, &tvresult);
+		if (dns_name_equal(&the_name, name)) fprintf(stderr, "verifynsec3s->%s\n", dns_result_totext(result));
 		if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
@@ -1147,7 +1190,7 @@ static bool
 checknext(const vctx_t *vctx, const struct nsec3_chain_fixed *first,
 	  const struct nsec3_chain_fixed *e)
 {
-	char buf[512];
+	char buf[512], salt[512 + 1];
 	const unsigned char *d1 = (const unsigned char *)(first + 1);
 	const unsigned char *d2 = (const unsigned char *)(e + 1);
 	isc_buffer_t b;
@@ -1160,11 +1203,21 @@ checknext(const vctx_t *vctx, const struct nsec3_chain_fixed *first,
 		return (true);
 	}
 
+	if (first->salt_length == 0) {
+		strlcpy(salt, "-", sizeof(salt));
+	} else {
+		DE_CONST((const unsigned char *)(first + 1), sr.base);
+		sr.length = first->salt_length;
+		isc_buffer_init(&b, salt, sizeof(salt));
+		isc_hex_totext(&sr, 1, "", &b);
+		salt[isc_buffer_usedlength(&b)] = 0;
+	}
 	DE_CONST(d1 - first->next_length, sr.base);
 	sr.length = first->next_length;
 	isc_buffer_init(&b, buf, sizeof(buf));
 	isc_base32hex_totext(&sr, 1, "", &b);
-	zoneverify_log_error(vctx, "Break in NSEC3 chain at: %.*s",
+	zoneverify_log_error(vctx, "Break in NSEC3 chain (%u %u %s) at: %.*s",
+			     first->hash, first->iterations, salt,
 			     (int)isc_buffer_usedlength(&b), buf);
 
 	DE_CONST(d1, sr.base);
@@ -1174,21 +1227,69 @@ checknext(const vctx_t *vctx, const struct nsec3_chain_fixed *first,
 	zoneverify_log_error(vctx, "Expected: %.*s",
 			     (int)isc_buffer_usedlength(&b), buf);
 
+	if (e->salt_length == 0) {
+		strlcpy(salt, "-", sizeof(salt));
+	} else {
+		DE_CONST((const unsigned char *)(e + 1);, sr.base);
+		sr.length = e->salt_length;
+		isc_buffer_init(&b, salt, sizeof(salt));
+		isc_hex_totext(&sr, 1, "", &b);
+		salt[isc_buffer_usedlength(&b)] = 0;
+	}
 	DE_CONST(d2, sr.base);
 	sr.length = first->next_length;
 	isc_buffer_init(&b, buf, sizeof(buf));
 	isc_base32hex_totext(&sr, 1, "", &b);
-	zoneverify_log_error(vctx, "Found: %.*s",
+	zoneverify_log_error(vctx, "Found (%u %u %s): %.*s",
+			     e->hash, e->iterations, salt,
 			     (int)isc_buffer_usedlength(&b), buf);
 
 	return (false);
 }
 
+static void
+report(const vctx_t *vctx, const char *str,
+       const struct nsec3_chain_fixed *e)
+{
+	char this[512+1], next[512+1], salt[512 + 1];
+	const unsigned char *cp = (const unsigned char *)(e + 1);
+	isc_buffer_t b;
+	isc_region_t sr;
+
+	if (e->salt_length == 0) {
+		strlcpy(salt, "-", sizeof(salt));
+	} else {
+		DE_CONST(cp, sr.base);
+		sr.length = e->salt_length;
+		isc_buffer_init(&b, salt, sizeof(salt) - 1);
+		isc_hex_totext(&sr, 1, "", &b);
+		salt[isc_buffer_usedlength(&b)] = 0;
+	}
+
+	cp += e->salt_length;
+	DE_CONST(cp, sr.base);
+	sr.length = e->next_length;
+	isc_buffer_init(&b, this, sizeof(this) - 1);
+	isc_base32hex_totext(&sr, 1, "", &b);
+	this[isc_buffer_usedlength(&b)] = 0;
+
+	cp += e->next_length;
+	DE_CONST(cp, sr.base);
+	sr.length = e->next_length;
+	isc_buffer_init(&b, next, sizeof(next) - 1);
+	isc_base32hex_totext(&sr, 1, "", &b);
+	next[isc_buffer_usedlength(&b)] = 0;
+
+	zoneverify_log_error(vctx, "%s %s NSEC3 %u ? %u %s %s", str,
+			     this, e->hash, e->iterations, salt, next);
+}
+
 static isc_result_t
 verify_nsec3_chains(const vctx_t *vctx, isc_mem_t *mctx) {
 	isc_result_t result = ISC_R_SUCCESS;
 	struct nsec3_chain_fixed *e, *f = NULL;
 	struct nsec3_chain_fixed *first = NULL, *prev = NULL;
+	unsigned int i = 0;
 
 	while ((e = isc_heap_element(vctx->expected_chains, 1)) != NULL) {
 		isc_heap_delete(vctx->expected_chains, 1);
@@ -1198,6 +1299,8 @@ verify_nsec3_chains(const vctx_t *vctx, isc_mem_t *mctx) {
 		if (f != NULL) {
 			isc_heap_delete(vctx->found_chains, 1);
 
+			i++;
+
 			/*
 			 * Check that they match.
 			 */
@@ -1210,6 +1313,8 @@ verify_nsec3_chains(const vctx_t *vctx, isc_mem_t *mctx) {
 						vctx,
 						"Expected and found NSEC3 "
 						"chains not equal");
+					report(vctx, "Expected:", e);
+					report(vctx, "Found:   ", f);
 				}
 				result = ISC_R_FAILURE;
 				/*
@@ -1237,6 +1342,7 @@ verify_nsec3_chains(const vctx_t *vctx, isc_mem_t *mctx) {
 			result = ISC_R_FAILURE;
 		}
 		if (first == NULL || newchain(first, e)) {
+fprintf(stderr, "record new chain\n");
 			if (prev != NULL) {
 				if (!checknext(vctx, prev, first)) {
 					result = ISC_R_FAILURE;
@@ -1260,6 +1366,7 @@ verify_nsec3_chains(const vctx_t *vctx, isc_mem_t *mctx) {
 		prev = e;
 	}
 	if (prev != NULL) {
+fprintf(stderr, "final %u\n", i);
 		if (!checknext(vctx, prev, first)) {
 			result = ISC_R_FAILURE;
 		}
@@ -1732,6 +1839,52 @@ determine_active_algorithms(vctx_t *vctx, bool ignore_kskflag,
 		vctx->bad_algorithms[i] = 1;
 	}
 }
+static void
+xxxx(vctx_t *vctx, dns_name_t *name) {
+	unsigned char rawhash[NSEC3_MAX_HASH_LENGTH];
+	size_t rhsize = sizeof(rawhash);
+	dns_fixedname_t fixed;
+	dns_name_t *hashname;
+	isc_result_t result;
+	dns_rdata_nsec3param_t nsec3param;
+	dns_rdataset_t rdataset;
+
+	if (!dns_rdataset_isassociated(&vctx->nsec3paramset))
+		return;
+
+	dns_fixedname_init(&fixed);
+	hashname = dns_fixedname_name(&fixed);
+	dns_rdataset_init(&rdataset);
+	dns_rdataset_clone(&vctx->nsec3paramset, &rdataset);
+
+	for (result = dns_rdataset_first(&rdataset);
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdataset_next(&rdataset))
+	{
+		dns_rdata_t rdata = DNS_RDATA_INIT;
+
+		dns_rdataset_current(&rdataset, &rdata);
+		result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+		result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, name,
+					    vctx->origin, nsec3param.hash,
+					    nsec3param.iterations, nsec3param.salt,
+					    nsec3param.salt_length);
+		if (result != ISC_R_SUCCESS) {
+			zoneverify_log_error(vctx, "dns_nsec3_hashname(): %s",
+						     isc_result_totext(result));
+			continue;
+		}
+
+		if (dns_name_equal(&other_name, hashname)) {
+			char nb[DNS_NAME_FORMATSIZE];
+			dns_name_format(name, nb, sizeof(nb));
+			fprintf(stderr, "\n\nothername from %s\n\n\n", nb);
+			fflush(stderr);
+		}
+	}
+	dns_rdataset_disassociate(&rdataset);
+}
 
 /*%
  * Check that all the records not yet verified were signed by keys that are
@@ -1778,6 +1931,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 					     isc_result_totext(result));
 			goto done;
 		}
+		xxxx(vctx, name);
 		if (!dns_name_issubdomain(name, vctx->origin)) {
 			result = check_no_nsec(vctx, name, node);
 			if (result != ISC_R_SUCCESS) {
@@ -1821,6 +1975,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 				dns_db_detachnode(vctx->db, &node);
 				goto done;
 			}
+			xxxx(vctx, nextname);
 			if (!dns_name_issubdomain(nextname, vctx->origin) ||
 			    (zonecut != NULL &&
 			     dns_name_issubdomain(nextname, zonecut)))
@@ -1862,6 +2017,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 		result = verifynode(vctx, name, node, isdelegation,
 				    &vctx->keyset, &vctx->nsecset,
 				    &vctx->nsec3paramset, nextname, &tvresult);
+		if (dns_name_equal(&the_name, name)) fprintf(stderr, "verifynode->%s\n", dns_result_totext(result));
 		if (result != ISC_R_SUCCESS) {
 			dns_db_detachnode(vctx->db, &node);
 			goto done;
@@ -1877,6 +2033,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 						  isdelegation,
 						  &vctx->nsec3paramset,
 						  &tvresult);
+			if (dns_name_equal(&the_name, name)) fprintf(stderr, "verifyemptynodes->%s\n", dns_result_totext(result));
 			if (result != ISC_R_SUCCESS) {
 				dns_db_detachnode(vctx->db, &node);
 				goto done;
@@ -1911,6 +2068,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 					     isc_result_totext(result));
 			goto done;
 		}
+		xxxx(vctx, name);
 		result = verifynode(vctx, name, node, false, &vctx->keyset,
 				    NULL, NULL, NULL, NULL);
 		if (result != ISC_R_SUCCESS) {
@@ -1920,6 +2078,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 			goto done;
 		}
 		result = record_found(vctx, name, node, &vctx->nsec3paramset);
+		if (dns_name_equal(&the_name, name)) fprintf(stderr, "record_found->%s\n", dns_result_totext(result));
 		dns_db_detachnode(vctx->db, &node);
 		if (result != ISC_R_SUCCESS) {
 			goto done;

lib/isc/tests/socket_test.c

@@ -93,21 +93,32 @@ accept_done(isc_task_t *task, isc_event_t *event) {
 
 static void
 event_done(isc_task_t *task, isc_event_t *event) {
-	isc_socketevent_t *dev;
+	isc_socketevent_t *sev = NULL;
+	isc_socket_connev_t *connev = NULL;
 	completion_t *completion = event->ev_arg;
-
 	UNUSED(task);
 
-	dev = (isc_socketevent_t *) event;
-	completion->result = dev->result;
-	completion->done = true;
-	if ((dev->attributes & ISC_SOCKEVENTATTR_DSCP) != 0) {
-		recv_dscp = true;
-		recv_dscp_value = dev->dscp;;
-	} else {
-		recv_dscp = false;
+	switch (event->ev_type) {
+	case ISC_SOCKEVENT_RECVDONE:
+	case ISC_SOCKEVENT_SENDDONE:
+		sev = (isc_socketevent_t *) event;
+		completion->result = sev->result;
+		if ((sev->attributes & ISC_SOCKEVENTATTR_DSCP) != 0) {
+			recv_dscp = true;
+			recv_dscp_value = sev->dscp;;
+		} else {
+			recv_dscp = false;
+		}
+		recv_trunc = ((sev->attributes & ISC_SOCKEVENTATTR_TRUNC) != 0);
+		break;
+	case ISC_SOCKEVENT_CONNECT:
+		connev = (isc_socket_connev_t *) event;
+		completion->result = connev->result;
+		break;
+	default:
+		assert_false(true);
 	}
-	recv_trunc = ((dev->attributes & ISC_SOCKEVENTATTR_TRUNC) != 0);
+	completion->done = true;
 	isc_event_free(&event);
 }