mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Check that named rejects excessive iterations via UPDATE

Browse Source
This commit is contained in:
Mark Andrews 2021-04-23 10:28:06 +10:00
parent 3fe75d9809
commit 4ce8437a6e
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/nsupdate/tests.sh
View File

@ -310,6 +310,7 @@ then
{
$PERL update_test.pl -s 10.53.0.1 -p ${PORT} update.nil. || ret=1
} | cat_i
grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run > /dev/null || ret=1
[ $ret -eq 1 ] && { echo_i "failed"; status=1; }
else
echo_i "The second part of this test requires the Net::DNS library." >&2
@ -1219,7 +1220,7 @@ server 10.53.0.3 ${PORT}
zone example
update add example 0 in NSEC3PARAM 1 0 151 -
END
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n || ret=1
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
if ! $FEATURETEST --gssapi ; then

4
bin/tests/system/nsupdate/update_test.pl
View File

@ -410,6 +410,10 @@ test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]);
section("Excessive NSEC3PARAM iterations");
test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
if ($failures) {
print "$failures tests failed.\n";
} else {