From 8bbf3eb5f3480ae7aaa811ed456700c2ea459caa Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 15 Jul 2020 16:06:07 +1000
Subject: [PATCH] check that a malformed truncated response to a TSIG query is handled
---
 bin/tests/system/tsig/ans2/ans.pl | 50 +++++++++++++++++++++++++
 bin/tests/system/tsig/ns1/named.conf.in | 12 +++++-
 bin/tests/system/tsig/tests.sh | 7 ++++
 util/copyrights | 1 +
 4 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 bin/tests/system/tsig/ans2/ans.pl
diff --git a/bin/tests/system/tsig/ans2/ans.pl b/bin/tests/system/tsig/ans2/ans.pl
new file mode 100644
index 0000000000..a3420bb905
--- /dev/null
+++ b/bin/tests/system/tsig/ans2/ans.pl
@@ -0,0 +1,50 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+#
+# An adhoc server that returns a TC=1 response with the final byte
+# removed to generate UNEXPECTEDEND form dns_message_parse.
+#
+
+use IO::File;
+use IO::Socket;
+
+my $localport = int($ENV{'PORT'});
+if (!$localport) { $localport = 5300; }
+printf "localport %u\n", $localport;
+
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.2",
+ LocalPort => $localport, Proto => "udp") or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+sub arraystring {
+ my $string = join("", @_);
+ return $string;
+}
+
+for (;;) {
+ $from = $sock->recv($buf, 512);
+ ($port, $ip_address) = unpack_sockaddr_in($from);
+ $l = length($buf);
+ printf "received %u bytes from %s#%u\n", $l, inet_ntoa($ip_address), $port;
+ @up = unpack("C[$l]", $buf);
+ $up[2] |= 0x80; # QR
+ $up[2] |= 0x02; # TC
+ $up[3] |= 0x80; # RA
+ $l -= 1; # truncate the response 1 byte
+ $replydata = pack("C[$l]", @up);
+ printf "sent %u bytes\n", $sock->send($replydata);
+}
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
index cc8caf8367..3470c4f200 100644
--- a/bin/tests/system/tsig/ns1/named.conf.in
+++ b/bin/tests/system/tsig/ns1/named.conf.in
@@ -17,7 +17,7 @@ options {
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
 listen-on-v6 { none; };
- recursion no;
+ recursion yes;
 notify no;
 };
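Review bot: In bin/tests/system/tsig/ans2/ans.pl the `for (;;)` loop uses the result of `$sock->recv($buf, 512)` unchecked and rewrites header bytes 2 and 3 whatever the datagram length. A failed recv leaves `$from` undefined for `unpack_sockaddr_in`, and an empty datagram drives `$l` to -1 before `pack("C[$l]", @up)`; either would probably end the responder mid-test and leave later queries unanswered. I would guard the loop with `defined($from = $sock->recv($buf, 512)) or next;` followed by `next if length($buf) < 12;`, 12 being the fixed DNS header size. Separately, the script has no `use strict; use warnings;`, its loop variables are undeclared package globals, and `arraystring` is never called in this file.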
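Review bot: In ns1/named.conf.in the change to `recursion yes;` applies to the whole server and has no comment saying it exists only so the `bad-tsig` forward zone added in the next hunk can be resolved. Every other check in this suite now runs against a recursive ns1, and nothing visible here restricts who may recurse; the `options` block begins outside the hunk, so an existing ACL cannot be ruled out. I would add `// recursion is required by the "bad-tsig" forward zone below` above the line and, if no ACL exists, an `allow-recursion` statement limited to the test addresses. The `server 10.53.0.2 { keys sha256; };` clause in the next hunk deserves a similar one-line comment saying it makes named sign its queries to the ans2 responder.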
@@ -85,3 +85,13 @@ zone "example.nil" {
 type primary;
 file "example.db";
 };
+
+server 10.53.0.2 {
+ keys sha256;
+};
+
+zone "bad-tsig" {
+ type forward;
+ forwarders { 10.53.0.2; };
+ forward only;
+};
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index d48eea11c6..6c95cca584 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -232,6 +232,13 @@ then
 fi
 fi
+echo_i "check that a malformed truncated response to a TSIG query is handled"
+ret=0
+$DIG -p $PORT @10.53.0.1 bad-tsig > dig.out.bad-tsig || ret=1
+grep "status: SERVFAIL" dig.out.bad-tsig > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo_i "failed"; status=1
+fi
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/util/copyrights b/util/copyrights
index 53b2b35e76..2a14cff3c6 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -861,6 +861,7 @@
 ./bin/tests/system/tools/clean.sh SH 2017,2018,2019,2020
 ./bin/tests/system/tools/setup.sh SH 2019,2020
 ./bin/tests/system/tools/tests.sh SH 2017,2018,2019,2020
+./bin/tests/system/tsig/ans2/ans.pl PERL 2020
 ./bin/tests/system/tsig/badlocation X 2020
 ./bin/tests/system/tsig/badtime X 2020
 ./bin/tests/system/tsig/clean.sh SH 2005,2006,2007,2012,2014,2016,2018,2019,2020
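Review bot: The new check in tests.sh passes on any SERVFAIL, so it cannot tell named handling the malformed reply apart from the ans2 responder never answering. As far as I can tell, a forward-only zone whose forwarder stays silent would also end in SERVFAIL. The check should confirm that the responder was actually reached, for instance `grep "sent [0-9]* bytes" ANS2_OUTPUT_FILE > /dev/null || ret=1` after the dig, where ANS2_OUTPUT_FILE is a placeholder for wherever the harness captures ans.pl's stdout. Since the case under test is a malformed message reaching the TSIG path, a follow-up query to 10.53.0.1 for a zone it serves would also show that named is still running afterwards.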