Merge branch '4624-duration-error-checking' into 'main'

Detect invalid durations

Closes #4624

See merge request isc-projects/bind9!8844

CHANGES

@@ -1,3 +1,6 @@
+6361.	[bug]		Some invalid ISO 8601 durations were accepted
+			erroneously. [GL #4624]
+
 6360.	[bug]		Don't return static-stub synthesised NS RRset.
 			[GL #4608]
 

bin/tests/system/checkconf/bad-kasp-duration.conf

@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "invalid-sigrefresh" {
+	keys {
+		csk lifetime unlimited algorithm 13;
+	};
+	signatures-refresh P7.5D;
+};
+
+zone "example.net" {
+	type primary;
+	file "example.db";
+	dnssec-policy "invalid-sigrefresh";
+};

doc/notes/notes-current.rst

@@ -37,6 +37,9 @@ Bug Fixes
 
 - None.
 
+- Some ISO 8601 durations were accepted erroneously, leading to shorter
+  durations than expected. This has been fixed. :gl:`#4624`
+
 Known Issues
 ~~~~~~~~~~~~
 

lib/isccfg/duration.c

@@ -44,6 +44,7 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	bool not_weeks = false;
 	int i;
 	long long int lli;
+	char *endptr;
 
 	/*
 	 * Copy the buffer as it may not be NULL terminated.
@@ -75,7 +76,11 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Yy");
 	if (X != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		endptr = NULL;
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -93,7 +98,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	 */
 	if (X != NULL && (T == NULL || (size_t)(X - P) < (size_t)(T - P))) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -106,7 +114,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Dd");
 	if (X != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -125,7 +136,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Hh");
 	if (X != NULL && T != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -143,7 +157,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	 */
 	if (X != NULL && T != NULL && (size_t)(X - P) > (size_t)(T - P)) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -156,7 +173,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Ss");
 	if (X != NULL && T != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -173,7 +193,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 			return (ISC_R_BADNUMBER);
 		} else {
 			errno = 0;
-			lli = strtoll(str + 1, NULL, 10);
+			lli = strtoll(str + 1, &endptr, 10);
+			if (*endptr != *W) {
+				return (ISC_R_BADNUMBER);
+			}
 			if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 				return (ISC_R_BADNUMBER);
 			}