print out tsig errors after rcode and tsig error field

7425ccb7 · Mark Andrews · 3837a529 · 7425ccb7
Commit 7425ccb7 authored Sep 17, 2018 by Mark Andrews
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 18 deletions

genreport.c genreport.c +30 -18

No files found.
--- a/genreport.c
+++ b/genreport.c
@@ -1777,6 +1777,9 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 	int seenopt = 0, seensoa = 0, seenrrsig = 0;
 	int seennsid = 0, seenecs = 0, seenexpire = 0, seencookie = 0;
 	int seenecho = 0, seentsig = 0, proxy = 0, addrcode = 1;
+	int tsig_not_last = 0, tsig_bad_class = 0, tsig_bad_ttl = 0;
+	int tsig_wrong_key = 0, tsig_wrong_alg = 0, tsig_bad_time = 0;
+	int tsig_bad_other_len = 0, tsig_bad_sig = 0;
 	int n;
 	char addrbuf[64];
 	int ednsvers = 0;
@@ -2102,8 +2105,6 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 				goto err;
 			if (type == ns_t_tsig && !seentsig) {
-				int wrongalg = 0;
-				int wrongkey = 0;
 				time_t now;
 				u_int64_t ts;
 				unsigned char *ep; /* error pointer */
@@ -2118,24 +2119,20 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 				unsigned int maclen, otherlen;
 				if ((i + 1) != adcount)
-					addtag(item, "tsig-not-last"), ok = 0;
+					tsig_not_last = 1;
 				if (class != ns_c_any)
-					addtag(item, "tsig-bad-class"), ok = 0;
+					tsig_bad_class = 1;
 				if (ttl != 0)
-					addtag(item, "tsig-bad-ttl"), ok = 0;
+					tsig_bad_ttl = 1;
-				if (strcasecmp(name, "") != 0) {
+				if (strcasecmp(name, "") != 0)
-					addtag(item, "tsig-wrong-key"), ok = 0;
+					tsig_wrong_key = 1;
-					wrongkey = 1;
-				}
 				n = dn_expand(buf, rd + rdlen, rd, name,
 					      sizeof(name));
 				if (n < 0 || rdlen < n)
 					goto err;
-				if (strcasecmp(name, HMACSHA256) != 0) {
+				if (strcasecmp(name, HMACSHA256) != 0)
-					addtag(item, "tsig-wrong-alg"), ok = 0;
+					tsig_wrong_alg = 1;
-					wrongalg = 1;
-				}
 				rd += n;
 				if ((eor - rd) < 10)
 					goto err;
@@ -2150,7 +2147,7 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 				time(&now);
 				if ((ts > (now + fudge)) ||
 				    (ts < (now - fudge)))
-					addtag(item, "tsig-badtime"), ok = 0;
+					tsig_bad_time = 1;
 				maclen = ns_get16(rd);
 				rd += 2;
 				if ((eor - rd) < maclen)
@@ -2168,8 +2165,7 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 				rd += 2;
 				if (tsigerror == ns_r_badtime &&
 				    otherlen != 6)
-					addtag(item,
+					tsig_bad_other_len = 1;
-					       "tsig-bad-other-len"), ok = 0;
 				rd += otherlen;
 				if (rd != eor)
 					goto err;
@@ -2243,10 +2239,10 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 				hmctx = NULL;
 				if ( (tsigerror == ns_r_noerror ||
 				     tsigerror == ns_r_badtime) &&
-				    (wrongkey || wrongalg ||
+				    (tsig_wrong_key || tsig_wrong_alg ||
 				     maclen != sizeof(digest) ||
 				     (memcmp(mac, digest, maclen) != 0)))
-					addtag(item, "tsig-bad-sig"), ok = 0;
+					tsig_bad_sig = 1;
 				seentsig = 1;
 			} else if (type == ns_t_tsig)
 				goto err;
@@ -2327,6 +2323,22 @@ process(struct workitem *item, unsigned char *buf, int buflen) {
 	/* Report if we didn't get a TSIG when we were expecting it */
 	if (strcmp(opts[item->test].name, "dnswkk") == 0 && !seentsig)
 		addtag(item, "notsig"), ok = 0;
+	if (tsig_not_last)
+		addtag(item, "tsig-not-last"), ok = 0;
+	if (tsig_bad_class)
+		addtag(item, "tsig-bad-class"), ok = 0;
+	if (tsig_bad_ttl)
+		addtag(item, "tsig-bad-ttl"), ok = 0;
+	if (tsig_wrong_key)
+		addtag(item, "tsig-wrong-key"), ok = 0;
+	if (tsig_wrong_alg)
+		addtag(item, "tsig-wrong-alg"), ok = 0;
+	if (tsig_bad_time)
+		addtag(item, "tsig-bad-time"), ok = 0;
+	if (tsig_bad_other_len)
+		addtag(item, "tsig-bad-other-len"), ok = 0;
+	if (tsig_bad_sig)
+		addtag(item, "tsig-bad-sig"), ok = 0;
 	/* Expect BADVERS to EDNS Version != 0 */
 	if (opts[item->test].version != 0)