From 189ca00a6e38fdeb616e5ac5479b9f10cde365ea Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 6 Jul 2023 17:09:02 +1000 Subject: [PATCH] Check that BADCOOKIE is returned for a bad server COOKIE Send a well formed, all zeros, DNS COOKIE option to a named instance running with default cookie settings and check that BADCOOKIE is returned. --- bin/tests/system/cookie/tests.sh | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index f8f2e73fa5..9eeb3243e4 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -85,7 +85,8 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking COOKIE is not returned when answer-cookie is false ($n)" ret=0 -$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n +oldcookie=b71d3138bb984fc50100000064a65cffbbf02482dfb99ba5 +$DIG $DIGOPTS +cookie=$oldcookie version.bind txt ch @10.53.0.7 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -151,7 +152,7 @@ n=`expr $n + 1` echo_i "checking require-server-cookie default (no) ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n -grep BADCOOKIE dig.out.test$n > /dev/null && ret=1 +grep "status: BADCOOKIE" dig.out.test$n > /dev/null && ret=1 linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi @@ -163,7 +164,7 @@ ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 -grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 +grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1 linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi @@ -208,7 +209,7 @@ echo_i "checking require-server-cookie yes with rate-limit ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 -grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 +grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1 linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi @@ -249,6 +250,17 @@ grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +echo_i "check that BADCOOKIE is returned for a bad server COOKIE ($n)" +ret=0 +badcookie=$(echo $cookie | sed 's/[a-f0-9]/0/g') +$DIG $DIGOPTS +qr +cookie=$badcookie +nobadcookie soa example @10.53.0.1 > dig.out.test$n +grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 +grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1 +linecount=`getcookie dig.out.test$n | wc -l` +if [ $linecount != 2 ]; then ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + # # Test shared cookie-secret support. #