[2475] Merge branch 'master' into trac2475

834fa9e8 · Stephen Morris · 3ba0299a · 3ef8b316 · 834fa9e8 · 834fa9e8
Commit 834fa9e8 authored Nov 16, 2012 by Stephen Morris
--- a/ChangeLog
+++ b/ChangeLog
 bind10-devel-20121115 released on November 15, 2012

-506.	[doc]		jelte
+507.	[doc]		jelte
 	Added a chapter about the use of the bindctl command tool to
 	to the BIND 10 guide.
 	(Trac #2305, git c4b0294b5bf4a9d32fb18ab62ca572f492788d72)

+506.	[security]		jinmei
+	Fixed a use-after-free case in handling DNAME record with the
+	in-memory data source.  This could lead to a crash of b10-auth
+	if it serves a zone containing a DNAME RR from the in-memory
+	data source.  This bug was introduced at bind10-devel-20120927.
+	(Trac #2471, git 2b1793ac78f972ddb1ae2fd092a7f539902223ff)
+
 505.	[bug]		jelte
 	Fixed a bug in b10-xfrin where a wrong call was made during the
 	final check of a TSIG-signed transfer, incorrectly rejecting the

--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list,
             */
            assert(db_context->rrset->getRdataCount() > 0);
            // Get the data of DNAME
+            RdataIteratorPtr rit = db_context->rrset->getRdataIterator();
            const rdata::generic::DNAME& dname(
-                dynamic_cast<const rdata::generic::DNAME&>(
-                db_context->rrset->getRdataIterator()->getCurrent()));
+                dynamic_cast<const rdata::generic::DNAME&>(rit->getCurrent()));
            // The yet unmatched prefix dname
            const Name prefix(qname_->split(0, qname_->getLabelCount() -
                db_context->rrset->getName().getLabelCount()));

--- a/src/bin/auth/tests/Makefile.am
+++ b/src/bin/auth/tests/Makefile.am
@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc
 run_unittests_SOURCES += command_unittest.cc
 run_unittests_SOURCES += common_unittest.cc
 run_unittests_SOURCES += query_unittest.cc
+run_unittests_SOURCES += query_inmemory_unittest.cc
 run_unittests_SOURCES += statistics_unittest.cc
 run_unittests_SOURCES += test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc
 run_unittests_SOURCES += datasrc_clients_builder_unittest.cc

--- a/src/bin/auth/tests/query_inmemory_unittest.cc
+++ b/src/bin/auth/tests/query_inmemory_unittest.cc
+// Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+// PERFORMANCE OF THIS SOFTWARE.
+
+#include <dns/name.h>
+#include <dns/message.h>
+#include <dns/rcode.h>
+#include <dns/opcode.h>
+
+#include <cc/data.h>
+
+#include <datasrc/client_list.h>
+
+#include <auth/query.h>
+
+#include <testutils/dnsmessage_test.h>
+
+#include <gtest/gtest.h>
+
+#include <string>
+
+using namespace isc::dns;
+using namespace isc::auth;
+using namespace isc::testutils;
+using isc::datasrc::ConfigurableClientList;
+using std::string;
+
+namespace {
+
+// The DNAME to do tests against
+const char* const dname_txt =
+    "dname.example.com. 3600 IN DNAME "
+    "somethinglong.dnametarget.example.com.\n";
+// This is not inside the zone, this is created at runtime
+const char* const synthetized_cname_txt =
+    "www.dname.example.com. 3600 IN CNAME "
+    "www.somethinglong.dnametarget.example.com.\n";
+
+// This is a subset of QueryTest using (subset of) the same test data, but
+// with the production in-memory data source.  Both tests should be eventually
+// unified to avoid duplicates.
+class InMemoryQueryTest : public ::testing::Test {
+protected:
+    InMemoryQueryTest() : list(RRClass::IN()), response(Message::RENDER) {
+        response.setRcode(Rcode::NOERROR());
+        response.setOpcode(Opcode::QUERY());
+        list.configure(isc::data::Element::fromJSON(
+                           "[{\"type\": \"MasterFiles\","
+                           "  \"cache-enable\": true, "
+                           "  \"params\": {\"example.com\": \"" +
+                           string(TEST_OWN_DATA_DIR "/example.zone") +
+                           "\"}}]"), true);
+    }
+
+    ConfigurableClientList list;
+    Message response;
+    Query query;
+};
+
+// A wrapper to check resulting response message commonly used in
+// tests below.
+// check_origin needs to be specified only when the authority section has
+// an SOA RR.  The interface is not generic enough but should be okay
+// for our test cases in practice.
+void
+responseCheck(Message& response, const isc::dns::Rcode& rcode,
+              unsigned int flags, const unsigned int ancount,
+              const unsigned int nscount, const unsigned int arcount,
+              const char* const expected_answer,
+              const char* const expected_authority,
+              const char* const expected_additional,
+              const Name& check_origin = Name::ROOT_NAME())
+{
+    // In our test cases QID, Opcode, and QDCOUNT should be constant, so
+    // we don't bother the test cases specifying these values.
+    headerCheck(response, response.getQid(), rcode, Opcode::QUERY().getCode(),
+                flags, 0, ancount, nscount, arcount);
+    if (expected_answer != NULL) {
+        rrsetsCheck(expected_answer,
+                    response.beginSection(Message::SECTION_ANSWER),
+                    response.endSection(Message::SECTION_ANSWER),
+                    check_origin);
+    }
+    if (expected_authority != NULL) {
+        rrsetsCheck(expected_authority,
+                    response.beginSection(Message::SECTION_AUTHORITY),
+                    response.endSection(Message::SECTION_AUTHORITY),
+                    check_origin);
+    }
+    if (expected_additional != NULL) {
+        rrsetsCheck(expected_additional,
+                    response.beginSection(Message::SECTION_ADDITIONAL),
+                    response.endSection(Message::SECTION_ADDITIONAL));
+    }
+}
+
+/*
+ * Test a query under a domain with DNAME. We should get a synthetized CNAME
+ * as well as the DNAME.
+ *
+ * TODO: Once we have CNAME chaining, check it works with synthetized CNAMEs
+ * as well. This includes tests pointing inside the zone, outside the zone,
+ * pointing to NXRRSET and NXDOMAIN cases (similarly as with CNAME).
+ */
+TEST_F(InMemoryQueryTest, DNAME) {
+    query.process(list, Name("www.dname.example.com"), RRType::A(),
+                  response);
+
+    responseCheck(response, Rcode::NOERROR(), AA_FLAG, 2, 0, 0,
+        (string(dname_txt) + synthetized_cname_txt).c_str(),
+        NULL, NULL);
+}
+}
--- a/src/bin/auth/tests/testdata/Makefile.am
+++ b/src/bin/auth/tests/testdata/Makefile.am
@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec
 EXTRA_DIST += spec.spec

 EXTRA_DIST += example.com
+EXTRA_DIST += example.zone
 EXTRA_DIST += example.sqlite3

 .spec.wire:

--- a/src/bin/auth/tests/testdata/example.zone
+++ b/src/bin/auth/tests/testdata/example.zone
+;;
+;; This is a complete (but crafted and somewhat broken) zone file used
+;; in query tests.
+;;
+
+example.com. 3600 IN SOA . . 0 0 0 0 0
+example.com. 3600 IN NS glue.delegation.example.com.
+example.com. 3600 IN NS noglue.example.com.
+example.com. 3600 IN NS example.net.
+example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
+glue.delegation.example.com. 3600 IN A 192.0.2.153
+glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
+noglue.example.com. 3600 IN A 192.0.2.53
+delegation.example.com. 3600 IN NS glue.delegation.example.com.
+delegation.example.com. 3600 IN NS noglue.example.com.
+delegation.example.com. 3600 IN NS cname.example.com.
+delegation.example.com. 3600 IN NS example.org.
+;; Borrowed from the RFC4035
+delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
+mx.example.com. 3600 IN MX 10 www.example.com.
+mx.example.com. 3600 IN MX 20 mailer.example.org.
+mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
+www.example.com. 3600 IN A 192.0.2.80
+cname.example.com. 3600 IN CNAME www.example.com.
+cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
+;; CNAME Leading out of zone
+cnameout.example.com. 3600 IN CNAME www.example.org.
+;; The DNAME to do tests against
+dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
+;; Some data at the dname node (allowed by RFC 2672)
+dname.example.com. 3600 IN A 192.0.2.5
+;; The rest of data won't be referenced from the test cases.
+cnamemailer.example.com. 3600 IN CNAME www.example.com.
+cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
+mx.delegation.example.com. 3600 IN A 192.0.2.100
+;; Wildcards
+*.wild.example.com. 3600 IN A 192.0.2.7
+*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
+*.cnamewild.example.com. 3600 IN CNAME www.example.org.
+*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
+;; Wildcard_nxrrset
+*.uwild.example.com. 3600 IN A 192.0.2.9
+*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
+www.uwild.example.com. 3600 IN A 192.0.2.11
+www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
+;; Wildcard empty
+b.*.t.example.com. 3600 IN A 192.0.2.13
+b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
+t.example.com. 3600 IN A 192.0.2.15
+t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
+;; Used in NXDOMAIN proof test.  We are going to test some unusual case where
+;; the best possible wildcard is below the "next domain" of the NSEC RR that
+;; proves the NXDOMAIN, i.e.,
+;; mx.example.com. (exist)
+;; (.no.example.com. (qname, NXDOMAIN)
+;; ).no.example.com. (exist)
+;; *.no.example.com. (best possible wildcard, not exist)
+).no.example.com. 3600 IN AAAA 2001:db8::53
+;; NSEC records.
+example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
+mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
+).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
+;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
+;; non existence of wildcard.  The following records will be used for that
+;; test.
+;; ).no.example.com. (exist, whose NSEC proves everything)
+;; *.no.example.com. (best possible wildcard, not exist)
+;; nx.no.example.com. (NXDOMAIN)
+;; nz.no.example.com. (exist)
+nz.no.example.com. 3600 IN AAAA 2001:db8::5300
+nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
+noglue.example.com. 3600 IN NSEC nonsec.example.com. A
+
+;; NSEC for the normal NXRRSET case
+www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
+
+;; Authoritative data without NSEC
+nonsec.example.com. 3600 IN A 192.0.2.0
+
+;; NSEC3 RRs.  You may also need to add mapping to MockZoneFinder::hash_map_.
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
+q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
+q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
+
+;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
+;; demand not to confuse other tests)
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
+
+;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
+;; demand not to confuse other tests)
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
+
+;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
+;; other tests)
+b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
+;; NSEC3 for uwild.example.com. (will be added on demand)
+t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
+
+;; (Secure) delegation data; Delegation with DS record
+signed-delegation.example.com. 3600 IN NS ns.example.net.
+signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
+
+;; (Secure) delegation data; Delegation without DS record (and both NSEC
+;; and NSEC3 denying its existence)
+unsigned-delegation.example.com. 3600 IN NS ns.example.net.
+unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
+;; This one will be added on demand
+q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
+
+;; Delegation without DS record, and no direct matching NSEC3 record
+unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
+unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
+
+;; (Secure) delegation data; Delegation where the DS lookup will raise an
+;; exception.
+bad-delegation.example.com. 3600 IN NS ns.example.net.
+
+;; Delegation from an unsigned parent.  There's no DS, and there's no NSEC
+;; or NSEC3 that proves it.
+nosec-delegation.example.com. 3600 IN NS ns.nosec.example.net.