Commit 0b8bd3a4 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] address TKEY bugs

3486.	[bug]		named could crash when using TKEY-negotiated keys
			that had been deleted and then recreated. [RT #32506]

commit 6a48b9999766d26cddc7cef275cd984b7d53c014
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 14:59:46 2013 -0800

    [rt32506] don't dump key if dump is unimplemented

commit d0ae0f44b460bab2e8bb24bba683d3ef69ec1765
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 14:42:25 2013 -0800

    [rt32506] make sure LRU needs adjusting before adjusting it

commit 0437f8f06b1cb72a6d5e3c30f27febca23846d95
Author: Evan Hunt <each@isc.org>
Date:   Tue Jan 29 12:28:28 2013 -0800

    [rt32506] demonstrate bugs in tkey test
parent 6330174f
3486. [bug] named could crash when using TKEY-negotiated keys
that had been deleted and then recreated. [RT #32506]
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
3484. [bug] Some statistics were incorrectly rendered in XML.
......
......@@ -17,7 +17,6 @@
# $Id: clean.sh,v 1.8 2011/11/03 23:46:26 tbox Exp $
rm -f dig.out.* random.data ns1/named.conf
rm -f dig.out.* rndc.out.* random.data ns1/named.conf
rm -f K* ns1/K*
rm -f */named.memstats
rm -f rndc.out
; Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 1D
@ IN SOA ns hostmaster (
1
3600
1800
1814400
3
)
NS ns
ns A 10.53.0.1
mx MX 10 mail
a A 10.53.0.1
A 10.53.0.2
txt TXT "this is text"
......@@ -47,3 +47,9 @@ key "tkeytest." {
algorithm hmac-md5;
secret "0123456789ab";
};
zone example {
type master;
file "example.db";
allow-query { key tkeytest.; none; };
};
......@@ -19,6 +19,8 @@
RANDFILE=random.data
sh clean.sh
../../../tools/genrandom 100 $RANDFILE
cd ns1 && sh setup.sh
......@@ -91,8 +91,17 @@ status=`expr $status + $ret`
echo "I:checking the key with 'rndc tsig-list'"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out
grep "key \"bar.example.server" rndc.out > /dev/null || ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1
grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
status=`expr $status + $ret`
echo "I:using key in a request"
ret=0
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1
grep "status: NOERROR" dig.out.3 > /dev/null || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
......@@ -101,8 +110,38 @@ status=`expr $status + $ret`
echo "I:deleting the key with 'rndc tsig-delete'"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out
grep "key \"bar.example.server" rndc.out > /dev/null && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2
grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1
grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
status=`expr $status + $ret`
echo "I:recreating the bar.example. key"
ret=0
keyname=`./keycreate $dhkeyname bar.example.` || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
echo "I:exit status: $status"
exit $status
fi
status=`expr $status + $ret`
echo "I:checking the new key with 'rndc tsig-list'"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3
grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
status=`expr $status + $ret`
echo "I:using the new key in a request"
ret=0
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1
grep "status: NOERROR" dig.out.5 > /dev/null || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
......
......@@ -1269,7 +1269,7 @@ dst_key_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
REQUIRE(length != NULL && *length == 0);
REQUIRE(VALID_KEY(key));
if (key->func->isprivate == NULL)
if (key->func->dump == NULL)
return (ISC_R_NOTIMPLEMENTED);
return (key->func->dump(key, mctx, buffer, length));
}
......
......@@ -239,7 +239,9 @@ adjust_lru(dns_tsigkey_t *tkey) {
* We may have been removed from the LRU list between
* removing the read lock and aquiring the write lock.
*/
if (ISC_LINK_LINKED(tkey, link)) {
if (ISC_LINK_LINKED(tkey, link) &&
(tkey->ring->lru).head != tkey)
{
ISC_LIST_UNLINK(tkey->ring->lru, tkey, link);
ISC_LIST_APPEND(tkey->ring->lru, tkey, link);
}
......@@ -625,8 +627,7 @@ restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) {
}
static void
dump_key(dns_tsigkey_t *tkey, FILE *fp)
{
dump_key(dns_tsigkey_t *tkey, FILE *fp) {
char *buffer = NULL;
int length = 0;
char namestr[DNS_NAME_FORMATSIZE];
......@@ -634,6 +635,9 @@ dump_key(dns_tsigkey_t *tkey, FILE *fp)
char algorithmstr[DNS_NAME_FORMATSIZE];
isc_result_t result;
REQUIRE(tkey != NULL);
REQUIRE(fp != NULL);
dns_name_format(&tkey->name, namestr, sizeof(namestr));
dns_name_format(tkey->creator, creatorstr, sizeof(creatorstr));
dns_name_format(tkey->algorithm, algorithmstr, sizeof(algorithmstr));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment