Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
38e8022a
Commit
38e8022a
authored
May 05, 2004
by
Mark Andrews
Browse files
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237]
parent
af6e33e7
Changes
10
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
38e8022a
...
...
@@ -3,7 +3,8 @@
1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1625. [placeholder] rt11237
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237]
1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
...
...
bin/named/update.c
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.11
0
2004/0
4/1
5 01:
58:23
marka Exp $ */
/* $Id: update.c,v 1.11
1
2004/0
5/0
5 01:
32:56
marka Exp $ */
#include <config.h>
...
...
@@ -850,7 +850,8 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
this name and type */
*
typep
=
type
=
t
->
rdata
.
type
;
if
(
type
==
dns_rdatatype_rrsig
)
if
(
type
==
dns_rdatatype_rrsig
||
type
==
dns_rdatatype_sig
)
covers
=
dns_rdata_covers
(
&
t
->
rdata
);
else
covers
=
0
;
...
...
@@ -2467,8 +2468,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
ctx
.
ignore_add
=
ISC_FALSE
;
dns_diff_init
(
mctx
,
&
ctx
.
del_diff
);
dns_diff_init
(
mctx
,
&
ctx
.
add_diff
);
CHECK
(
foreach_rr
(
db
,
ver
,
name
,
rdata
.
type
,
covers
,
add_rr_prepare_action
,
&
ctx
));
CHECK
(
foreach_rr
(
db
,
ver
,
name
,
rdata
.
type
,
covers
,
add_rr_prepare_action
,
&
ctx
));
if
(
ctx
.
ignore_add
)
{
dns_diff_clear
(
&
ctx
.
del_diff
);
...
...
bin/tests/system/dnssec/ns2/example.db.in
View file @
38e8022a
...
...
@@ -13,7 +13,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: example.db.in,v 1.1
4
2004/0
4/15 23:40:22
marka Exp $
; $Id: example.db.in,v 1.1
5
2004/0
5/05 01:32:57
marka Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
...
...
@@ -70,6 +70,10 @@ dynamic A 10.53.0.3
mustbesecure NS ns.mustbesecure
ns.mustbesecure A 10.53.0.3
; A rfc2535 signed zone w/ CNAME
rfc2535 NS ns.rfc2535
ns.rfc2535 A 10.53.0.3
z A 10.0.0.26
keyless NS ns.keyless
...
...
bin/tests/system/dnssec/ns2/named.conf
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
3
2004
/
0
3
/
10
02
:
19
:
5
3
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
2
4
2004
/
0
5
/
05
01
:
32
:
5
7
marka
Exp
$ */
//
NS2
...
...
@@ -62,4 +62,10 @@ zone "insecure.secure.example" {
allow
-
update
{
any
; };
};
zone
"rfc2335.example"
{
type
master
;
file
"rfc2335.example.db"
;
};
include
"trusted.conf"
;
bin/tests/system/dnssec/ns2/rfc2335.example.db
0 → 100644
View file @
38e8022a
; File written on Fri Apr 30 12:19:15 2004
; dnssec_signzone version 9.2.4rc3
rfc2335.example. 300 IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
300 SIG SOA 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
nGPJKIzF7X/hMJbZURRz59UeEi/6HRxCn9Er
GqSnpw0Ea9Yx5Axu6sLKnF7jXlkZ6NHMCIpJ
+Lv+FDHXTs/dQg== )
300 NS ns.rfc2335.example.
300 SIG NS 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
Q234AL9dJYMvxdWG33lpww6AJ3GplKp+ace7
MUaj0oqDdkx4DtJF2XaP2xcqq7kTOObdQ8ES
vVxNThqOx7LFzg== )
300 KEY 256 3 1 (
AQPZhzXIabI8y5ihWUw7F0WxN2MabnYWkOcV
Fn11NgaGSdjBSYPRMMwMCasD5N2KYPRUP83W
y8mj+ofcoW1FurcZ
) ; key id = 47799
300 NXT a.rfc2335.example. NS SOA SIG KEY NXT
300 SIG NXT 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
Y587mqNy6pBEfbsU6+weM2XRSqLwLwRT9Sl7
oNuOK9kV3TR4R2M54m2S0MgJCXbRAwU+fF8Q
UbZkSTVe2N8Nyg== )
a.rfc2335.example. 300 IN A 10.0.0.1
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
FnfWrcw5ire8ut25504zti5l///BdDMUAkJZ
UCLFiTW4lBGMcq1pqz64zltDZXCgJ3xUeQ2i
nRt19/ZxO6Z1KA== )
300 NXT b.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
R6SpC3ndMVg4u/eZaaUsXSuMHV/hZXeaM/Op
bJLAe3KxMiOHfb6XgLy7wflAiC1xt6A9bWpy
kTc5T5gfic33kA== )
b.rfc2335.example. 300 IN A 10.0.0.2
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
zjRsYXMGyhDI6ipDtu8YXC9XPN+3hGamzzxL
8uPE/LPo+x19MNdbzEgWzlajAf1/mkSGr2jN
BDMVBA5NMKpwAA== )
300 NXT d.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
aV87iZCYsC5Tqop827Zzb18TNqopGt0QynkR
gIF/lIHqZasNFRfaS1/nTnXdDKD8JS5IqxKb
oTJr5zswDAtCEw== )
d.rfc2335.example. 300 IN A 10.0.0.4
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
NsKyvhUYZxTbOTBX4YwxTxevI5iGBpULKwmt
+D4l00ME4XRygOVmiqVDTT9dF1EgjDxOdfMT
hSjtCh5M1b2f6g== )
300 NXT ns.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
OGqlvSDZIZdHYigh4UAFzXfPze7vcQfgj7sN
+cAeoh4BL1gpa00DqANCxowNCYluDk3ZCDwt
UHZEJa8ZjNvv4g== )
ns.rfc2335.example. 300 IN A 10.53.0.3
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
T6ZGeUWflLTku8jO23x/TeAPeUl8t0I18FCh
qHUZaHomLQasQ2jlZQn6cLpFd2uFJkBNxZ0G
I39aG7G1bObXdA== )
300 NXT x.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
l46mrf3/Ii5iRm3AiDjYeMg4ZXBgitHxXA2y
e/NhKpkxRRpCs7UQ94wT/RiSCjjK49E5FBe6
5bRxtWq0GI7zlg== )
x.rfc2335.example. 300 IN CNAME a.rfc2335.example.
300 SIG CNAME 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
L3IOluq+kboBd2gR2Mu54uJKCUzfmyHRiWKl
kfx+vuFr0I8mEHQRmJtouxNDrBzmzGp5vybK
SdabLWw0n6uQEA== )
300 NXT z.rfc2335.example. CNAME SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
CBKoJSkZzdpwiON7JS4yPFY5VVeBjfT19x/O
vx+5UK1JZUNKhTXWWgW1er+JlLzNf4Ot40+l
z9HUTyaeS0eWyw== )
z.rfc2335.example. 300 IN A 10.0.0.26
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
ccqjVHnehvVwlNNd4+7n/GzGlRjj+ul0gCT3
X3950LTccxHsOFyjNNm8v/Ho/aurSYdqXEjY
jwmjC6elwkzB7A== )
300 NXT rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
W42WoFyd9erysv8HjKo+CpHIH1x6+pAKwCDO
/hHnkEpQI3brewxl7cWOPYeA92Ns80Ody/ui
m2E28A5gnmWqPw== )
bin/tests/system/dnssec/ns3/named.conf
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
6
2004
/
0
4
/
15
23
:
40
:
22
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
2
7
2004
/
0
5
/
05
01
:
32
:
57
marka
Exp
$ */
//
NS3
...
...
@@ -79,4 +79,10 @@ zone "mustbesecure.example" {
file
"mustbesecure.example.db"
;
};
zone
"rfc2335.example"
{
type
slave
;
masters
{
10
.
53
.
0
.
2
; };
file
"rfc2335.example.bk"
;
};
include
"trusted.conf"
;
bin/tests/system/dnssec/tests.sh
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.4
4
2004/0
3/10 02:19
:5
3
marka Exp $
# $Id: tests.sh,v 1.4
5
2004/0
5/05 01:32
:5
6
marka Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -446,6 +446,27 @@ ret=0
$DIG
$DIGOPTS
private.secure.example. SOA @10.53.0.6
\
>
dig.out.ns6.test
$n
||
ret
=
1
grep
"flags:.*ad.*QUERY"
dig.out.ns6.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:checking that we can load a rfc2535 signed zone (
$n
)"
ret
=
0
$DIG
$DIGOPTS
rfc2535.example. SOA @10.53.0.2
\
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"status: NOERROR"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:checking that we can transfer a rfc2535 signed zone (
$n
)"
ret
=
0
$DIG
$DIGOPTS
rfc2535.example. SOA @10.53.0.3
\
>
dig.out.ns3.test
$n
||
ret
=
1
grep
"status: NOERROR"
dig.out.ns3.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
# Run a minimal update test if possible. This is really just
# a regression test for RT #2399; more tests should be added.
...
...
lib/dns/master.c
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.c,v 1.14
8
2004/0
3
/05 0
5:09:21
marka Exp $ */
/* $Id: master.c,v 1.14
9
2004/0
5
/05 0
1:32:58
marka Exp $ */
#include <config.h>
...
...
@@ -1645,7 +1645,8 @@ load(dns_loadctx_t *lctx) {
}
if
(
type
==
dns_rdatatype_rrsig
)
if
(
type
==
dns_rdatatype_rrsig
||
type
==
dns_rdatatype_sig
)
covers
=
dns_rdata_covers
(
&
rdata
[
rdcount
]);
else
covers
=
0
;
...
...
lib/dns/message.c
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.c,v 1.22
2
2004/0
3/10 00:47:40
marka Exp $ */
/* $Id: message.c,v 1.22
3
2004/0
5/05 01:32:58
marka Exp $ */
/***
*** Imports
...
...
@@ -1288,18 +1288,16 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
rdata
->
rdclass
=
rdclass
;
issigzero
=
ISC_FALSE
;
if
(
rdtype
==
dns_rdatatype_rrsig
&&
rdata
->
flags
==
0
)
{
covers
=
dns_rdata_covers
(
rdata
);
if
(
covers
==
0
)
DO_FORMERR
;
}
else
covers
=
0
;
issigzero
=
ISC_FALSE
;
if
(
rdtype
==
dns_rdatatype_sig
/* SIG(0) */
&&
rdata
->
flags
==
0
)
{
if
(
dns_rdata_covers
(
rdata
)
==
0
)
{
}
else
if
(
rdtype
==
dns_rdatatype_sig
/* SIG(0) */
&&
rdata
->
flags
==
0
)
{
covers
=
dns_rdata_covers
(
rdata
);
if
(
covers
==
0
)
{
if
(
sectionid
!=
DNS_SECTION_ADDITIONAL
||
count
!=
msg
->
counts
[
sectionid
]
-
1
)
DO_FORMERR
;
...
...
@@ -1308,7 +1306,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
skip_type_search
=
ISC_TRUE
;
issigzero
=
ISC_TRUE
;
}
}
}
else
covers
=
0
;
/*
* If we are doing a dynamic update or this is a meta-type,
...
...
lib/dns/rbtdb.c
View file @
38e8022a
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.19
6
2004/0
3
/05 0
5:09:22
marka Exp $ */
/* $Id: rbtdb.c,v 1.19
7
2004/0
5
/05 0
1:32:58
marka Exp $ */
/*
* Principal Author: Bob Halley
...
...
@@ -3669,10 +3669,13 @@ cname_and_other_data(dns_rbtnode_t *node, rbtdb_serial_t serial) {
* or RRSIG CNAME.
*/
rdtype
=
RBTDB_RDATATYPE_BASE
(
header
->
type
);
if
(
rdtype
==
dns_rdatatype_rrsig
)
if
(
rdtype
==
dns_rdatatype_rrsig
||
rdtype
==
dns_rdatatype_sig
)
rdtype
=
RBTDB_RDATATYPE_EXT
(
header
->
type
);
if
(
rdtype
!=
dns_rdatatype_nsec
&&
rdtype
!=
dns_rdatatype_dnskey
&&
rdtype
!=
dns_rdatatype_nxt
&&
rdtype
!=
dns_rdatatype_key
&&
rdtype
!=
dns_rdatatype_cname
)
{
/*
* We've found a type that isn't
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment