Commit 755efa9b authored by Mark Andrews's avatar Mark Andrews

Merge branch...

Merge branch '860-process_opt-could-be-called-multiple-times-on-the-same-message-in-dig' into 'master'

Resolve "process_opt() could be called multiple times on the same message in dig."

Closes #860

See merge request !1459
parents a70c4445 946d5c2c
Pipeline #9510 passed with stages
in 1 minute and 2 seconds
5154. [bug] dig: process_opt could be called twice on the same
message leading to a assertion failure. [GL #860]
5153. [func] Zone transfer statistics (size, number of records, and
number of messages) are now logged for outgoing
transfers as well as incoming ones. [GL #513]
......
......@@ -3422,7 +3422,7 @@ process_cookie(dig_lookup_t *l, dns_message_t *msg,
}
INSIST(msg->cc_ok == 0 && msg->cc_bad == 0);
if (optlen >= len && optlen >= 8U) {
if (len >= 8 && optlen >= 8U) {
if (isc_safe_memequal(isc_buffer_current(optbuf), sent, 8)) {
msg->cc_ok = 1;
} else {
......@@ -3509,6 +3509,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
dig_lookup_t *n, *l;
bool docancel = false;
bool match = true;
bool done_process_opt = false;
unsigned int parseflags;
dns_messageid_t id;
unsigned int msgflags;
......@@ -3802,6 +3803,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
UNLOCK_LOOKUP;
return;
}
done_process_opt = true;
}
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
(check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
......@@ -3891,13 +3893,17 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
}
if (l->cookie != NULL) {
if (msg->opt == NULL)
printf(";; expected opt record in response\n");
else
if (!done_process_opt) {
if (l->cookie != NULL) {
if (msg->opt == NULL) {
printf(";; expected opt record in response\n");
} else {
process_opt(l, msg);
}
} else if (l->sendcookie && msg->opt != NULL) {
process_opt(l, msg);
} else if (l->sendcookie && msg->opt != NULL)
process_opt(l, msg);
}
}
if (!l->doing_xfr || l->xfr_q == query) {
if (msg->rcode == dns_rcode_nxdomain &&
(l->origin != NULL || l->need_search)) {
......
......@@ -184,6 +184,30 @@ if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "send undersized cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "send oversized for named cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "send oversized for named cookie with server requiring a good cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
#
# Test shared cookie-secret support.
#
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment