BIND 10 trac505, updated. f998d613872373c2fbf7088088d7464e79cc10c3 [trac505] Don't fail on too long synthesized names
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Feb 3 18:02:53 UTC 2011
The branch, trac505 has been updated
via f998d613872373c2fbf7088088d7464e79cc10c3 (commit)
via c5f4af2f749808f7e8b96dca09819f69bb094031 (commit)
from 8ddc37ac3b6229f03a1fc122ea3c1c8906cbd75b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f998d613872373c2fbf7088088d7464e79cc10c3
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Thu Feb 3 18:49:59 2011 +0100
[trac505] Don't fail on too long synthesized names
Return YXDOMAIN instead.
commit c5f4af2f749808f7e8b96dca09819f69bb094031
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Thu Feb 3 17:35:04 2011 +0100
[trac505] Test for synthesis resulting in too long name
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/query.cc | 32 ++++++++++++++++++++---------
src/bin/auth/tests/query_unittest.cc | 37 ++++++++++++++++++++++++++++++++-
2 files changed, 57 insertions(+), 12 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index e06a39b..38c8180 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -177,16 +177,28 @@ Query::process() const {
// by that)
RRsetPtr cname(new RRset(qname_, rrset->getClass(),
RRType::CNAME(), rrset->getTTL()));
- // Construct the new target by replacing the end
- cname->addRdata(rdata::generic::CNAME(qname_.split(0,
- qname_.getLabelCount() -
- rrset->getName().getLabelCount()).concatenate(
- dname.getDname())));
- rrset = cname;
- // If this was ANY, act as it wasn't, because we put the CNAME
- // into rrset, not to target and there's nothing else.
- // TODO: This might need to be changed when CNAME gets chaining.
- qtype_is_any = false;
+ try {
+ // Construct the new target by replacing the end
+ cname->addRdata(rdata::generic::CNAME(qname_.split(0,
+ qname_.getLabelCount() -
+ rrset->getName().getLabelCount()).concatenate(
+ dname.getDname())));
+ rrset = cname;
+ // If this was ANY, act as it wasn't, because we put the
+ // CNAME into rrset, not to target and there's nothing else.
+ // TODO: This might need to be changed when CNAME gets
+ // chaining.
+ qtype_is_any = false;
+ }
+ /*
+ * In case the synthetized name is too long, section 4.1 of RFC 2672
+ * mandates we return YXDOMAIN.
+ */
+ catch (const isc::dns::TooLongName&) {
+ response_.setRcode(Rcode::YXDOMAIN());
+ getAuthAdditional(*result.zone);
+ return;
+ }
// No break; here, fall trough.
}
case Zone::CNAME:
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index ba79c67..60cc290 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -79,6 +79,13 @@ const char* const dname_txt =
"dname.example.com. 3600 IN DNAME dnametarget.example.com.\n";
const char* const dname_a_txt =
"dname.example.com. 3600 IN A 192.0.2.5\n";
+const char* const dname_long_txt =
+ "longdname.example.com. 3600 IN DNAME "
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+ "example.com.\n";
// This is not inside the zone, this is created at runtime
const char* const synthetized_cname_txt =
"www.dname.example.com. 3600 IN CNAME www.dnametarget.example.com.\n";
@@ -103,6 +110,7 @@ public:
origin_(Name("example.com")),
delegation_name_("delegation.example.com"),
dname_name_("dname.example.com"),
+ longdname_name_("longdname.example.com"),
has_SOA_(true),
has_apex_NS_(true),
rrclass_(RRClass::IN())
@@ -111,7 +119,7 @@ public:
zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt <<
delegation_txt << mx_txt << www_a_txt << cname_txt <<
cname_nxdom_txt << cname_out_txt << dname_txt << dname_a_txt <<
- other_zone_rrs;
+ dname_long_txt << other_zone_rrs;
masterLoad(zone_stream, origin_, rrclass_,
boost::bind(&MockZone::loadRRset, this, _1));
@@ -144,16 +152,22 @@ private:
rrset->getType() == RRType::DNAME())
{
dname_rrset_ = rrset;
+ } else if (rrset->getName() == longdname_name_ &&
+ rrset->getType() == RRType::DNAME())
+ {
+ longdname_rrset_ = rrset;
}
}
const Name origin_;
const Name delegation_name_;
const Name dname_name_;
+ const Name longdname_name_;
bool has_SOA_;
bool has_apex_NS_;
ConstRRsetPtr delegation_rrset_;
ConstRRsetPtr dname_rrset_;
+ ConstRRsetPtr longdname_rrset_;
const RRClass rrclass_;
};
@@ -180,6 +194,10 @@ MockZone::find(const Name& name, const RRType& type,
NameComparisonResult::SUBDOMAIN)
{
return (FindResult(DNAME, dname_rrset_));
+ } else if (name.compare(longdname_name_).getRelation() ==
+ NameComparisonResult::SUBDOMAIN)
+ {
+ return (FindResult(DNAME, longdname_rrset_));
}
// normal cases. names are searched for only per exact-match basis
@@ -359,7 +377,7 @@ TEST_F(QueryTest, nodomainANY) {
NULL, soa_txt, NULL, mock_zone->getOrigin());
}
-// This tests that when we need to look up Zone's apex NS records for
+
// authoritative answer, and there is no apex NS records. It should
// throw in that case.
TEST_F(QueryTest, noApexNS) {
@@ -612,4 +630,19 @@ TEST_F(QueryTest, DNAME_NX_RRSET) {
NULL, soa_txt, NULL, mock_zone->getOrigin());
}
+/*
+ * Constructing the CNAME will result in a name that is too long. This,
+ * however, should not throw (and crash the server), but respond with
+ * YXDOMAIN.
+ */
+TEST_F(QueryTest, LongDNAME) {
+ EXPECT_NO_THROW(Query(memory_datasrc,
+ Name("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+ "somethingveryveryverylong.longdname.example.com"), RRType::A(),
+ response).process());
+
+ responseCheck(response, Rcode::YXDOMAIN(), AA_FLAG, 1, 3, 3,
+ dname_long_txt, zone_ns_txt, ns_addrs_txt);
+}
+
}
More information about the bind10-changes
mailing list