4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]

2025-08-31 14:35:26 +00:00 · 2015-12-15 19:49:40 +11:00
parent ecc06cbc32
commit f647c0df9f
5 changed files with 23 additions and 29 deletions
--- a/2
+++ b/2
@@ -1,3 +1,5 @@
+4281.	[bug]		Teach dns_message_totext about BADCOOKIE. [RT #41257]
+
 4280.	[performance]	Use optimal message sizes to improve compression
 			in AXFRs. This reduces network traffic. [RT #40996]

--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -6960,6 +6960,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 					inc_stats(client,
 						dns_nsstatscounter_rateslipped);
 					if (WANTCOOKIE(client)) {
+						client->message->flags &=
+							~DNS_MESSAGEFLAG_AA;
 						client->message->flags &=
 							~DNS_MESSAGEFLAG_AD;
 						client->message->rcode =
@@ -6978,6 +6980,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 		}
 	} else if (!TCP(client) && client->view->requireservercookie &&
 		   WANTCOOKIE(client) && !HAVECOOKIE(client)) {
+		client->message->flags &= ~DNS_MESSAGEFLAG_AA;
+		client->message->flags &= ~DNS_MESSAGEFLAG_AD;
 		client->message->rcode = dns_rcode_badcookie;
 		goto cleanup;
 	}
--- a/bin/tests/system/cookie/tests.sh
+++ b/bin/tests/system/cookie/tests.sh
@@ -127,6 +127,8 @@ n=`expr $n + 1`
 echo "I:checking require-server-cookie yes ($n)"
 ret=0
 $DIG +qr +cookie +nobadcookie soa @10.53.0.3 -p 5300 > dig.out.test$n
+grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
+grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
 grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
 linecount=`getcookie dig.out.test$n | wc -l`
 if [ $linecount != 2 ]; then ret=1; fi
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -36,6 +36,7 @@
 #include <dns/masterdump.h>
 #include <dns/message.h>
 #include <dns/opcode.h>
+#include <dns/rcode.h>
 #include <dns/rdata.h>
 #include <dns/rdatalist.h>
 #include <dns/rdataset.h>
@@ -145,27 +146,6 @@ static const char *opcodetext[] = {
 	"RESERVED15"
 };

-static const char *rcodetext[] = {
-	"NOERROR",
-	"FORMERR",
-	"SERVFAIL",
-	"NXDOMAIN",
-	"NOTIMP",
-	"REFUSED",
-	"YXDOMAIN",
-	"YXRRSET",
-	"NXRRSET",
-	"NOTAUTH",
-	"NOTZONE",
-	"RESERVED11",
-	"RESERVED12",
-	"RESERVED13",
-	"RESERVED14",
-	"RESERVED15",
-	"BADVERS"
-};
-
-
 /*%
 * "helper" type, which consists of a block of some type, and is linkable.
 * For it to work, sizeof(dns_msgblock_t) must be a multiple of the pointer
@@ -3491,7 +3471,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,

 isc_result_t
 dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
-		   dns_messagetextflag_t flags, isc_buffer_t *target) {
+		   dns_messagetextflag_t flags, isc_buffer_t *target)
+{
 	unsigned int sflags = dns_master_styleflags(style);
 	char buf[sizeof("1234567890")];
 	isc_result_t result;
@@ -3505,12 +3486,9 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
 		ADD_STRING(target, ";; ->>HEADER<<- opcode: ");
 		ADD_STRING(target, opcodetext[msg->opcode]);
 		ADD_STRING(target, ", status: ");
-		if (msg->rcode < (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-			ADD_STRING(target, rcodetext[msg->rcode]);
-		} else {
-			snprintf(buf, sizeof(buf), "%4u", msg->rcode);
-			ADD_STRING(target, buf);
-		}
+		result = dns_rcode_totext(msg->rcode, target);
+		if (result != ISC_R_SUCCESS)
+			return (result);
 		ADD_STRING(target, ", id: ");
 		snprintf(buf, sizeof(buf), "%6u", msg->id);
 		ADD_STRING(target, buf);
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -51,6 +51,8 @@

 #define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */

+#define TOTEXTONLY 0x01
+
 #define RCODENAMES \
 	/* standard rcodes */ \
 	{ dns_rcode_noerror, "NOERROR", 0}, \
@@ -63,7 +65,12 @@
 	{ dns_rcode_yxrrset, "YXRRSET", 0}, \
 	{ dns_rcode_nxrrset, "NXRRSET", 0}, \
 	{ dns_rcode_notauth, "NOTAUTH", 0}, \
-	{ dns_rcode_notzone, "NOTZONE", 0},
+	{ dns_rcode_notzone, "NOTZONE", 0}, \
+	{ 11, "RESERVED11", TOTEXTONLY}, \
+	{ 12, "RESERVED12", TOTEXTONLY}, \
+	{ 13, "RESERVED13", TOTEXTONLY}, \
+	{ 14, "RESERVED14", TOTEXTONLY}, \
+	{ 15, "RESERVED15", TOTEXTONLY},

 #define ERCODENAMES \
 	/* extended rcodes */ \
@@ -260,6 +267,7 @@ dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
 		unsigned int n;
 		n = strlen(table[i].name);
 		if (n == source->length &&
+		    (table[i].flags & TOTEXTONLY) == 0 &&
 		    strncasecmp(source->base, table[i].name, n) == 0) {
 			*valuep = table[i].value;
 			return (ISC_R_SUCCESS);