mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00
Code Issues Releases Wiki Activity

4615. [bug] AD could be set on truncated answer with no records

Browse Source 
present in the answer and authority sections.
                        [RT #45140]
This commit is contained in:
Mark Andrews
2017-05-03 07:51:41 +10:00
parent 78551a3f2c
commit 33e94f501f
4 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,3 +1,7 @@
4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections.
[RT #45140]
4614. [test] Fixed an error in the sockaddr unit test. [RT #45146] 4614. [test] Fixed an error in the sockaddr unit test. [RT #45146]
4613. [func] By default, the maximum size of a zone journal file 4613. [func] By default, the maximum size of a zone journal file

2
bin/tests/system/resolver/ns6/keygen.sh
View File

@@ -16,7 +16,7 @@ zonefile="${zone}.db"
infile="${zonefile}.in" infile="${zonefile}.in"
cp $infile $zonefile cp $infile $zonefile
ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone` ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
zsk=`$KEYGEN -q -3 -r $RANDFILE $zone` zsk=`$KEYGEN -q -3 -r $RANDFILE -b 2048 $zone`
cat $ksk.key $zsk.key >> $zonefile cat $ksk.key $zsk.key >> $zonefile
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1 $SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

16
bin/tests/system/resolver/tests.sh
View File

@@ -734,5 +734,21 @@ test ${ttl:-1} -eq 0 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +ad (${n})"
ret=0
$DIG @10.53.0.6 -p 5300 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec > dig.out.$n
grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +dnssec (${n})"
ret=0
$DIG @10.53.0.6 -p 5300 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec > dig.out.$n
grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status" echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

10
lib/dns/message.c
View File

@@ -1960,6 +1960,15 @@ renderset(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
return (result); return (result);
} }
static void
maybe_clear_ad(dns_message_t *msg, dns_section_t sectionid) {
if (msg->counts[sectionid] == 0 &&
(sectionid == DNS_SECTION_ANSWER ||
(sectionid == DNS_SECTION_AUTHORITY &&
msg->counts[DNS_SECTION_ANSWER] == 0)))
msg->flags &= ~DNS_MESSAGEFLAG_AD;
}
isc_result_t isc_result_t
dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
unsigned int options) unsigned int options)
@@ -2157,6 +2166,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
*(msg->buffer) = st; /* rollback */ *(msg->buffer) = st; /* rollback */
msg->buffer->length += msg->reserved; msg->buffer->length += msg->reserved;
msg->counts[sectionid] += total; msg->counts[sectionid] += total;
maybe_clear_ad(msg, sectionid);
return (result); return (result);
} }