Commit 74fc8c25 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1574b] check parameter of NSEC3PARAM when added after NSEC3

parent dc8a5a5b
......@@ -386,11 +386,9 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
// otherwise check parameter consistency.
if (!zone_data.nsec3_data_) {
zone_data.nsec3_data_.reset(new ZoneData::NSEC3Data(nsec3_rdata));
} else {
if (!zone_data.nsec3_data_->hash_->match(nsec3_rdata)) {
isc_throw(AddError, "NSEC3 with inconsistent parameters: " <<
rrset->toText());
}
} else if (!zone_data.nsec3_data_->hash_->match(nsec3_rdata)) {
isc_throw(AddError, "NSEC3 with inconsistent parameters: " <<
rrset->toText());
}
string fst_label = rrset->getName().split(0, 1).toText(true);
......@@ -477,17 +475,22 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
node->setFlag(DomainNode::FLAG_CALLBACK);
}
// If we've added NSEC3PARAM and the zone isn't yet NSEC3-ready
// set it up (note: this part doesn't ensure strong exception
// guarantee)
if (rrset->getType() == RRType::NSEC3PARAM() &&
!zone_data.nsec3_data_) {
zone_data.nsec3_data_.reset(
new ZoneData::NSEC3Data(
dynamic_cast<const generic::NSEC3PARAM&>(
rrset->getRdataIterator()->getCurrent())));
// If we've added NSEC3PARAM, set up NSEC3 specific data or check
// consistency with already set up parameters.
if (rrset->getType() == RRType::NSEC3PARAM()) {
// We know rrset has exactly one RDATA
const generic::NSEC3PARAM& param =
dynamic_cast<const generic::NSEC3PARAM&>(
rrset->getRdataIterator()->getCurrent());
if (!zone_data.nsec3_data_) {
zone_data.nsec3_data_.reset(
new ZoneData::NSEC3Data(param));
} else if (!zone_data.nsec3_data_->hash_->match(param)) {
isc_throw(AddError, "NSEC3PARAM with inconsistent "
"parameters: " << rrset->toText());
}
}
return (result::SUCCESS);
} else {
// The RRSet of given type was already there
......
......@@ -1504,6 +1504,11 @@ TEST_F(InMemoryZoneFinderTest, paramConsistencyWithNSEC3) {
textToRRset("a.example.org. 300 IN NSEC3 1 0 1 aabbccdd "
"2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG")),
InMemoryZoneFinder::AddError);
// Likewise, NSEC3PARAM with inconsistent parameter will be rejected.
EXPECT_THROW(zone_finder_.add(textToRRset("example.org. 300 IN NSEC3PARAM "
"1 0 1 aabbccdd")),
InMemoryZoneFinder::AddError);
}
TEST_F(InMemoryZoneFinderTest, multiNSEC3PARAM) {
......@@ -1516,7 +1521,7 @@ TEST_F(InMemoryZoneFinderTest, multiNSEC3PARAM) {
}
// TODO
// - multiple NSEC3 RDATA
// - existence of NSEC3PARAM
// - add NSEC3PARAM second, check consistency
// - add NSEC3PARAM at non origin (should be ignored)
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment