Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 525
    • Issues 525
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 101
    • Merge requests 101
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #326

Closed
Open
Created Jun 08, 2018 by Ghost User@ghost

xfer system test passes even if there's a TSIG failure

dig doesn't seem to return an error status if there's a TSIG failure. E.g., apply this patch:


diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index ee891b4e36..15f24f6677 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1766,7 +1766,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
                        ptr2 = ptr3;
                } else  {
 #ifndef PK11_MD5_DISABLE
-                       hmacname = DNS_TSIG_HMACMD5_NAME;
+                       hmacname = DNS_TSIG_HMACSHA256_NAME;
 #else
                        hmacname = DNS_TSIG_HMACSHA256_NAME;
 #endif
diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
index 91b23b3edb..004bf43ab6 100755
--- a/bin/tests/system/xfer/tests.sh
+++ b/bin/tests/system/xfer/tests.sh
@@ -46,7 +46,7 @@ digcomp dig1.good dig.out.ns3 || status=1
 
 n=`expr $n + 1`
 echo_i "testing TSIG signed zone transfers"
-$DIG $DIGOPTS tsigzone. @10.53.0.2 axfr -y tsigzone.:1234abcd8765 > dig.out.ns2 || status=1
+$DIG $DIGOPTS tsigzone. @10.53.0.2 axfr -y tsigzone.:1234abcd8765 > dig.out.ns2 || exit 1
 grep "^;" dig.out.ns2 | cat_i
 
 #

and run the xfer system test. See the early failures, but it doesn't exit after the dig failure above.

This was noticed about a year back, but it got missed. The regular passing tests don't exercise the failure.

Edited Jun 08, 2018 by Ghost User
Assignee
Assign to
Time tracking