Commit 5e8b772a authored by Mark Andrews's avatar Mark Andrews
Browse files

Ensure base64/base32/hex fields in DNS records that should be non-empty are.

parent 5114270f
Pipeline #8587 passed with stages
in 18 minutes and 45 seconds
5126. [bug] Named incorrectly accepted empty base64 and hex encoded
fields when reading master files. [GL #807]
5125. [bug] Allow for up to 100 records or 64k of data when caching
a negative response. [GL #804]
 
......
......@@ -36,15 +36,16 @@ done
for db in zones/bad*.db
do
echo_i "checking $db ($n)"
ret=0
ret=0 v=0
case $db in
zones/bad-dns-sd-reverse.db)
$CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 && ret=1
$CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 || v=$?
;;
*)
$CHECKZONE -i local example $db > test.out.$n 2>&1 && ret=1
$CHECKZONE -i local example $db > test.out.$n 2>&1 || v=$?
;;
esac
test $v = 1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......
......@@ -14,7 +14,7 @@ dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 7 3 7200 2010 20100225214229 30323 dyn.example.net.
7200 RRSIG SOA 7 3 7200 2010 20100225214229 30323 dyn.example.net. MuyI
7200 NS ns1.example.net.
7200 NS ns2.example.net.
3600 RRSIG DNSKEY 7 3 3600 20100227180048 (
......
......@@ -868,13 +868,16 @@ unknown_fromtext(dns_rdataclass_t rdclass, dns_rdatatype_t type,
if (result != ISC_R_SUCCESS)
return (result);
result = isc_hex_tobuffer(lexer, buf,
(unsigned int)token.value.as_ulong);
if (result != ISC_R_SUCCESS)
goto failure;
if (isc_buffer_usedlength(buf) != token.value.as_ulong) {
result = ISC_R_UNEXPECTEDEND;
goto failure;
if (token.value.as_ulong != 0U) {
result = isc_hex_tobuffer(lexer, buf,
(unsigned int)token.value.as_ulong);
if (result != ISC_R_SUCCESS) {
goto failure;
}
if (isc_buffer_usedlength(buf) != token.value.as_ulong) {
result = ISC_R_UNEXPECTEDEND;
goto failure;
}
}
if (dns_rdatatype_isknown(type)) {
......
......@@ -55,7 +55,7 @@ fromtext_cert(ARGS_FROMTEXT) {
RETTOK(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
RETERR(mem_tobuffer(target, &secalg, 1));
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -74,7 +74,7 @@ generic_fromtext_ds(ARGS_FROMTEXT) {
length = ISC_SHA384_DIGESTLENGTH;
break;
default:
length = -1;
length = -2;
break;
}
return (isc_hex_tobuffer(lexer, target, length));
......
......@@ -108,7 +108,7 @@ fromtext_ipseckey(ARGS_FROMTEXT) {
/*
* Public key.
*/
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -21,7 +21,6 @@
static inline isc_result_t
generic_fromtext_key(ARGS_FROMTEXT) {
isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
......@@ -55,11 +54,7 @@ generic_fromtext_key(ARGS_FROMTEXT) {
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
result = isc_base64_tobuffer(lexer, target, -1);
if (result != ISC_R_SUCCESS)
return (result);
return (ISC_R_SUCCESS);
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -21,7 +21,6 @@
static inline isc_result_t
fromtext_keydata(ARGS_FROMTEXT) {
isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
......@@ -76,11 +75,7 @@ fromtext_keydata(ARGS_FROMTEXT) {
if ((flags & 0xc000) == 0xc000)
return (ISC_R_SUCCESS);
result = isc_base64_tobuffer(lexer, target, -1);
if (result != ISC_R_SUCCESS)
return (result);
return (ISC_R_SUCCESS);
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -28,7 +28,7 @@ fromtext_openpgpkey(ARGS_FROMTEXT) {
/*
* Keyring.
*/
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -140,7 +140,7 @@ fromtext_rrsig(ARGS_FROMTEXT) {
/*
* Sig.
*/
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -112,7 +112,7 @@ fromtext_sig(ARGS_FROMTEXT) {
/*
* Sig.
*/
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -50,7 +50,7 @@ fromtext_sshfp(ARGS_FROMTEXT) {
/*
* Digest.
*/
return (isc_hex_tobuffer(lexer, target, -1));
return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -56,7 +56,7 @@ generic_fromtext_tlsa(ARGS_FROMTEXT) {
/*
* Certificate Association Data.
*/
return (isc_hex_tobuffer(lexer, target, -1));
return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -29,7 +29,7 @@ fromtext_in_dhcid(ARGS_FROMTEXT) {
UNUSED(options);
UNUSED(callbacks);
return (isc_base64_tobuffer(lexer, target, -1));
return (isc_base64_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -28,7 +28,7 @@ fromtext_in_eid(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
return (isc_hex_tobuffer(lexer, target, -1));
return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
......@@ -28,7 +28,7 @@ fromtext_in_nimloc(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
return (isc_hex_tobuffer(lexer, target, -1));
return (isc_hex_tobuffer(lexer, target, -2));
}
static inline isc_result_t
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment