Commit a9040d4a authored by JINMEI Tatuya's avatar JINMEI Tatuya

[1372] detect and reject multiple SOA in IXFR's authority section.

parent 35556de0
...@@ -218,8 +218,8 @@ class TestXfroutSessionBase(unittest.TestCase): ...@@ -218,8 +218,8 @@ class TestXfroutSessionBase(unittest.TestCase):
return msg.get_tsig_record() is not None return msg.get_tsig_record() is not None
def create_request_data(self, with_question=True, with_tsig=False, def create_request_data(self, with_question=True, with_tsig=False,
zone_name=TEST_ZONE_NAME, ixfr=None, ixfr=None, zone_name=TEST_ZONE_NAME,
soa_class=TEST_RRCLASS): soa_class=TEST_RRCLASS, num_soa=1):
'''Create a commonly used XFR request data. '''Create a commonly used XFR request data.
By default the request type is AXFR; if 'ixfr' is an integer, By default the request type is AXFR; if 'ixfr' is an integer,
...@@ -227,6 +227,14 @@ class TestXfroutSessionBase(unittest.TestCase): ...@@ -227,6 +227,14 @@ class TestXfroutSessionBase(unittest.TestCase):
the value of the parameter will be included in the authority the value of the parameter will be included in the authority
section. section.
This method has various minor parameters only for creating bad
format requests for testing purposes:
zone_name: the query (zone) name. for IXFR, it's also used as
the owner name of the SOA in the authority section.
soa_class: IXFR only. The RR class of the SOA RR in the authority
section.
num_soa: IXFR only. The number of SOA RDATAs in the authority
section.
''' '''
msg = Message(Message.RENDER) msg = Message(Message.RENDER)
query_id = 0x1035 query_id = 0x1035
...@@ -239,8 +247,9 @@ class TestXfroutSessionBase(unittest.TestCase): ...@@ -239,8 +247,9 @@ class TestXfroutSessionBase(unittest.TestCase):
if req_type == RRType.IXFR(): if req_type == RRType.IXFR():
soa = RRset(zone_name, soa_class, RRType.SOA(), RRTTL(0)) soa = RRset(zone_name, soa_class, RRType.SOA(), RRTTL(0))
# In the RDATA only the serial matters. # In the RDATA only the serial matters.
soa.add_rdata(Rdata(RRType.SOA(), soa_class, for i in range(0, num_soa):
'm r ' + str(ixfr) + ' 1 1 1 1')) soa.add_rdata(Rdata(RRType.SOA(), soa_class,
'm r ' + str(ixfr) + ' 1 1 1 1'))
msg.add_rrset(Message.SECTION_AUTHORITY, soa) msg.add_rrset(Message.SECTION_AUTHORITY, soa)
renderer = MessageRenderer() renderer = MessageRenderer()
...@@ -758,6 +767,12 @@ class TestXfroutSession(TestXfroutSessionBase): ...@@ -758,6 +767,12 @@ class TestXfroutSession(TestXfroutSessionBase):
self.assertEqual(self.xfrsess._xfrout_setup( self.assertEqual(self.xfrsess._xfrout_setup(
self.getmsg(), zone_name, TEST_RRCLASS), Rcode.FORMERR()) self.getmsg(), zone_name, TEST_RRCLASS), Rcode.FORMERR())
# multiple SOA RRs
self.mdata = self.create_request_data(ixfr=IXFR_OK_VERSION,
num_soa=2)
self.assertEqual(self.xfrsess._xfrout_setup(
self.getmsg(), zone_name, TEST_RRCLASS), Rcode.FORMERR())
def test_dns_xfrout_start_formerror(self): def test_dns_xfrout_start_formerror(self):
# formerror # formerror
self.xfrsess.dns_xfrout_start(self.sock, b"\xd6=\x00\x00\x00\x01\x00") self.xfrsess.dns_xfrout_start(self.sock, b"\xd6=\x00\x00\x00\x01\x00")
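Review bot: The "multiple SOA RRs" case (`num_soa=2`) builds both RDATAs from the same string in the new `for i in range(0, num_soa):` loop of `create_request_data`, so the FORMERR assertion depends on two identical RDATAs surviving rendering and parsing as two records. Making them distinct keeps the test exercising the count check even if duplicate suppression is ever added on that path: `'m r ' + str(ixfr + i) + ' 1 1 1 1'`. The loop header can also be written `for i in range(num_soa):`. Separately, swapping `zone_name` and `ixfr` in the signature would silently change the meaning of any positional call; no callers are visible here, so it is worth checking them. Both methods continue outside the visible hunks.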
......
...@@ -372,7 +372,6 @@ class XfroutSession(): ...@@ -372,7 +372,6 @@ class XfroutSession():
IXFR by setting up a zone iterator instead of a journal reader. IXFR by setting up a zone iterator instead of a journal reader.
''' '''
# TODO: more error case handling
# Check the authority section. Look for a SOA record with # Check the authority section. Look for a SOA record with
# the same name and class as the question. # the same name and class as the question.
remote_soa = None remote_soa = None
...@@ -383,6 +382,9 @@ class XfroutSession(): ...@@ -383,6 +382,9 @@ class XfroutSession():
auth_rrset.get_type() != RRType.SOA() or \ auth_rrset.get_type() != RRType.SOA() or \
auth_rrset.get_class() != zone_class: auth_rrset.get_class() != zone_class:
continue continue
if auth_rrset.get_rdata_count() != 1:
# TBD: log it.
return Rcode.FORMERR()
remote_soa = auth_rrset remote_soa = auth_rrset
if remote_soa is None: if remote_soa is None:
# TBD: log it. # TBD: log it.
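Review bot: The new `get_rdata_count() != 1` branch returns `Rcode.FORMERR()` with only `# TBD: log it.`, so a peer that sends malformed IXFR requests is rejected without leaving any trace for the operator. Since this commit also removes the `# TODO: more error case handling` marker, the log call (remote address, zone name and class, under whatever message ID the module defines) should land together with the check instead of staying a TBD. A comment such as `# An IXFR request must carry exactly one SOA RDATA; 0 or more than 1 is a format error.` would also explain why the comparison is `!= 1` and not `> 1`. The check counts RDATAs within a single RRset, so it presumably relies on the parser merging SOA RRs of the same name and class into one RRset, which is worth confirming. The enclosing method starts and ends outside the hunk.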
......