Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
33e94f50
Commit
33e94f50
authored
May 03, 2017
by
Mark Andrews
Browse files
4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections. [RT #45140]
parent
78551a3f
Changes
4
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
33e94f50
4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections.
[RT #45140]
4614. [test] Fixed an error in the sockaddr unit test. [RT #45146]
4613. [func] By default, the maximum size of a zone journal file
...
...
bin/tests/system/resolver/ns6/keygen.sh
View file @
33e94f50
...
...
@@ -16,7 +16,7 @@ zonefile="${zone}.db"
infile
=
"
${
zonefile
}
.in"
cp
$infile
$zonefile
ksk
=
`
$KEYGEN
-q
-3
-r
$RANDFILE
-fk
$zone
`
zsk
=
`
$KEYGEN
-q
-3
-r
$RANDFILE
$zone
`
zsk
=
`
$KEYGEN
-q
-3
-r
$RANDFILE
-b
2048
$zone
`
cat
$ksk
.key
$zsk
.key
>>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null 2>&1
...
...
bin/tests/system/resolver/tests.sh
View file @
33e94f50
...
...
@@ -734,5 +734,21 @@ test ${ttl:-1} -eq 0 || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
n
=
`
expr
$n
+ 1
`
echo
"I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +ad (
${
n
}
)"
ret
=
0
$DIG
@10.53.0.6
-p
5300 dnskey ds.example.net +bufsize
=
512 +ad +nodnssec +ignore +norec
>
dig.out.
$n
grep
"flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0"
dig.out.
$n
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
n
=
`
expr
$n
+ 1
`
echo
"I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +dnssec (
${
n
}
)"
ret
=
0
$DIG
@10.53.0.6
-p
5300 dnskey ds.example.net +bufsize
=
512 +noad +dnssec +ignore +norec
>
dig.out.
$n
grep
"flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0"
dig.out.
$n
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
[
$status
-eq
0
]
||
exit
1
lib/dns/message.c
View file @
33e94f50
...
...
@@ -1960,6 +1960,15 @@ renderset(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
return
(
result
);
}
static
void
maybe_clear_ad
(
dns_message_t
*
msg
,
dns_section_t
sectionid
)
{
if
(
msg
->
counts
[
sectionid
]
==
0
&&
(
sectionid
==
DNS_SECTION_ANSWER
||
(
sectionid
==
DNS_SECTION_AUTHORITY
&&
msg
->
counts
[
DNS_SECTION_ANSWER
]
==
0
)))
msg
->
flags
&=
~
DNS_MESSAGEFLAG_AD
;
}
isc_result_t
dns_message_rendersection
(
dns_message_t
*
msg
,
dns_section_t
sectionid
,
unsigned
int
options
)
...
...
@@ -2157,6 +2166,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
*
(
msg
->
buffer
)
=
st
;
/* rollback */
msg
->
buffer
->
length
+=
msg
->
reserved
;
msg
->
counts
[
sectionid
]
+=
total
;
maybe_clear_ad
(
msg
,
sectionid
);
return
(
result
);
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment