mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Check that BADCOOKIE is returned for a bad server COOKIE

Browse Source 
Send a well formed, all zeros, DNS COOKIE option to a named instance
running with default cookie settings and check that BADCOOKIE is
returned.
This commit is contained in:
Mark Andrews
2023-07-06 17:09:02 +10:00
parent 3969e2c5f7
commit 189ca00a6e
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
bin/tests/system/cookie/tests.sh
View File

@@ -85,7 +85,8 @@ status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo_i "checking COOKIE is not returned when answer-cookie is false ($n)" echo_i "checking COOKIE is not returned when answer-cookie is false ($n)"
ret=0 ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n oldcookie=b71d3138bb984fc50100000064a65cffbbf02482dfb99ba5
$DIG $DIGOPTS +cookie=$oldcookie version.bind txt ch @10.53.0.7 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null && ret=1 grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -151,7 +152,7 @@ n=`expr $n + 1`
echo_i "checking require-server-cookie default (no) ($n)" echo_i "checking require-server-cookie default (no) ($n)"
ret=0 ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n
grep BADCOOKIE dig.out.test$n > /dev/null && ret=1 grep "status: BADCOOKIE" dig.out.test$n > /dev/null && ret=1
linecount=`getcookie dig.out.test$n | wc -l` linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -163,7 +164,7 @@ ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n
grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l` linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -208,7 +209,7 @@ echo_i "checking require-server-cookie yes with rate-limit ($n)"
ret=0 ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n $DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l` linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -249,6 +250,17 @@ grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo_i "check that BADCOOKIE is returned for a bad server COOKIE ($n)"
ret=0
badcookie=$(echo $cookie | sed 's/[a-f0-9]/0/g')
$DIG $DIGOPTS +qr +cookie=$badcookie +nobadcookie soa example @10.53.0.1 > dig.out.test$n
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# #
# Test shared cookie-secret support. # Test shared cookie-secret support.
# #