Commit d17500bf authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1574b] added check for # of NSEC3 RDATA (only 1 is supported)

parent 74fc8c25
...@@ -237,11 +237,12 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl { ...@@ -237,11 +237,12 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
isc_throw(AddError, "multiple RRs of singleton type for " isc_throw(AddError, "multiple RRs of singleton type for "
<< rrset->getName()); << rrset->getName());
} }
// NSEC3PARAM is not a "singleton" per protocol, but this // NSEC3/NSEC3PARAM is not a "singleton" per protocol, but this
// implementation doesn't request it be so at the moment. // implementation doesn't request it be so at the moment.
if (rrset->getType() == RRType::NSEC3PARAM() && if ((rrset->getType() == RRType::NSEC3() ||
rrset->getType() == RRType::NSEC3PARAM()) &&
rrset->getRdataCount() > 1) { rrset->getRdataCount() > 1) {
isc_throw(AddError, "Multiple NSEC3PARAM RDATA is given for " isc_throw(AddError, "Multiple NSEC3/NSEC3PARAM RDATA is given for "
<< rrset->getName() << " which isn't supported"); << rrset->getName() << " which isn't supported");
} }
...@@ -289,7 +290,7 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl { ...@@ -289,7 +290,7 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
origin_.getLabelCount() + 1)) { origin_.getLabelCount() + 1)) {
LOG_ERROR(logger, DATASRC_BAD_NSEC3_NAME). LOG_ERROR(logger, DATASRC_BAD_NSEC3_NAME).
arg(rrset->getName()); arg(rrset->getName());
isc_throw(AddError, "Invalid NSEC3 owner name (wildcard): " << isc_throw(AddError, "Invalid NSEC3 owner name: " <<
rrset->getName()); rrset->getName());
} }
} }
......
...@@ -1432,6 +1432,17 @@ TEST_F(InMemoryZoneFinderTest, badNSEC3Name) { ...@@ -1432,6 +1432,17 @@ TEST_F(InMemoryZoneFinderTest, badNSEC3Name) {
InMemoryZoneFinder::AddError); InMemoryZoneFinder::AddError);
} }
TEST_F(InMemoryZoneFinderTest, addMultiNSEC3) {
// In this current implementation multiple NSEC3 RDATA isn't supported.
RRsetPtr nsec3(new RRset(Name(string(apex_hash) + ".example.org"),
RRClass::IN(), RRType::NSEC3(), RRTTL(300)));
nsec3->addRdata(
generic::NSEC3("1 0 12 aabbccdd 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A"));
nsec3->addRdata(
generic::NSEC3("1 1 1 ddccbbaa 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A"));
EXPECT_THROW(zone_finder_.add(nsec3), InMemoryZoneFinder::AddError);
}
TEST_F(InMemoryZoneFinderTest, addNSEC3WithRRSIG) { TEST_F(InMemoryZoneFinderTest, addNSEC3WithRRSIG) {
// Adding NSEC3 and its RRSIG // Adding NSEC3 and its RRSIG
const string nsec3_text = string(apex_hash) + ".example.org." + const string nsec3_text = string(apex_hash) + ".example.org." +
...@@ -1521,7 +1532,6 @@ TEST_F(InMemoryZoneFinderTest, multiNSEC3PARAM) { ...@@ -1521,7 +1532,6 @@ TEST_F(InMemoryZoneFinderTest, multiNSEC3PARAM) {
} }
// TODO // TODO
// - multiple NSEC3 RDATA
// - existence of NSEC3PARAM // - existence of NSEC3PARAM
// - add NSEC3PARAM at non origin (should be ignored) // - add NSEC3PARAM at non origin (should be ignored)
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment