mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

add a regression test for a new ENT node

Browse Source 
this test adds a record with empty non-terminal nodes above it. this
has also been observed to trigger the crash in NSEC3 zones.

NOTE: the test currently fails, because while there is no crash, the
query results are not as expected.  when we add a node below an ENT,
receive_secure_serial() gets DNS_R_PARTIALMATCH, and the signed
zone is never updated. this is not a regression from fixing the
crash bug; it's a separate inline-signing bug.
This commit is contained in:
Evan Hunt
2024-12-20 17:25:10 -08:00
parent 7b94c34965
commit 3e367a23f9
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/nsec3/ns3/named2-fips.conf.in
View File

@@ -147,7 +147,7 @@ zone "nsec3-inline-to-dynamic.kasp" {
}; };
/* /*
* This zone will have a node deleted. * This zone will have an empty nonterminal node added and a node deleted.
*/ */
zone "nsec3-ent.kasp" { zone "nsec3-ent.kasp" {
type primary; type primary;

22
bin/tests/system/nsec3/tests.sh
View File

@@ -586,19 +586,37 @@ check_nsec3
# Zone: nsec3-ent.kasp (regression test for #5108) # Zone: nsec3-ent.kasp (regression test for #5108)
n=$((n + 1)) n=$((n + 1))
echo_i "check queries for newly empty names do not crash ($n)" echo_i "check query for newly empty name does not crash ($n)"
set_zone_policy "nsec3-ent.kasp" set_zone_policy "nsec3-ent.kasp"
set_server "ns3" "10.53.0.3" set_server "ns3" "10.53.0.3"
# confirm the pre-existing name still exists # confirm the pre-existing name still exists
dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.1" || ret=1 dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.1" || ret=1
grep "c\.nsec3-ent\.kasp\..*IN.*A.*10\.0\.0\.3" "dig.out.$ZONE.test$n.1" >/dev/null || ret=1 grep "c\.nsec3-ent\.kasp\..*IN.*A.*10\.0\.0\.3" "dig.out.$ZONE.test$n.1" >/dev/null || ret=1
# remove a name, bump the SOA, reload, and try the query again # remove a name, bump the SOA, and reload
sed -e 's/1 *; serial/2/' -e '/^c/d' ns3/template.db.in >ns3/nsec3-ent.kasp.db sed -e 's/1 *; serial/2/' -e '/^c/d' ns3/template.db.in >ns3/nsec3-ent.kasp.db
rndc_reload ns3 10.53.0.3 rndc_reload ns3 10.53.0.3
# try the query again
dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.2" || ret=1 dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.2" || ret=1
grep "status: NXDOMAIN" "dig.out.$ZONE.test$n.2" >/dev/null || ret=1 grep "status: NXDOMAIN" "dig.out.$ZONE.test$n.2" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret)) status=$((status + ret))
n=$((n + 1))
echo_i "check queries for new names below ENT do not crash ($n)"
set_zone_policy "nsec3-ent.kasp"
set_server "ns3" "10.53.0.3"
# confirm the ENT name does not exist yet
dig_with_opts +noquestion "@${SERVER}" x.y.z.$ZONE >"dig.out.$ZONE.test$n.1" || ret=1
grep "status: NXDOMAIN" "dig.out.$ZONE.test$n.1" >/dev/null || ret=1
# add a name with an ENT, bump the SOA, and reload
sed -e 's/1 *; serial/3/' ns3/template.db.in >ns3/nsec3-ent.kasp.db
echo "x.y.z A 10.0.0.4" >>ns3/nsec3-ent.kasp.db
rndc_reload ns3 10.53.0.3
# try the query again
dig_with_opts +noquestion "@${SERVER}" x.y.z.$ZONE >"dig.out.$ZONE.test$n.2" || ret=1
grep "x\.y\.z\.nsec3-ent\.kasp\..*IN.*A.*10\.0\.0\.4" "dig.out.$ZONE.test$n.2" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1