BIND 10 trac1584review, updated. 694ee39256cd2ebad4b1f5b657fd2a2556ad10a5 [1584review] added a test for a run time collision case for wildcard + NSEC3. main code was simplified; we let Message::addRRset() catch the error and throw.

Thu Feb 16 22:47:43 UTC 2012

The branch, trac1584review has been updated
       via  694ee39256cd2ebad4b1f5b657fd2a2556ad10a5 (commit)
      from  863e56e656f11f8bd37ed75564d01640076d0215 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 694ee39256cd2ebad4b1f5b657fd2a2556ad10a5
Author: JINMEI Tatuya <jinmei at isc.org>
Date:   Thu Feb 16 14:46:52 2012 -0800

    [1584review] added a test for a run time collision case for wildcard + NSEC3.
    main code was simplified; we let Message::addRRset() catch the error and throw.

-----------------------------------------------------------------------

Summary of changes:
 src/bin/auth/query.cc                |    7 +++----
 src/bin/auth/tests/query_unittest.cc |   14 ++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

-----------------------------------------------------------------------

diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index 07b0307..ec648f4 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -195,10 +195,9 @@ Query::addWildcardProof(ZoneFinder& finder,
         // met the zone is broken anyway).
         const ZoneFinder::FindNSEC3Result NSEC3Result(
             finder.findNSEC3(qname_, true));
-        if (NULL == NSEC3Result.next_proof) {
-            isc_throw(BadNSEC3, "Unexpected NSEC3 "
-                      "result for wildcard proof");
-        }
+        // Note that at this point next_proof must not be NULL unless it's
+        // a run time collision (or zone/findNSEC3() is broken).  The
+        // unexpected case will be caught in addRRset() and result in SERVFAIL.
         response_.addRRset(Message::SECTION_AUTHORITY,
                            boost::const_pointer_cast<AbstractRRset>(
                                NSEC3Result.next_proof), dnssec_);
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index 8bee193..4152ce5 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -1415,6 +1415,20 @@ TEST_F(QueryTest, CNAMEwildNSEC3) {
                   mock_finder->getOrigin());
 }
 
+TEST_F(QueryTest, badWildcardNSEC3) {
+    // Similar to wildcardNSEC3, but emulating run time collision by
+    // returning NULL in the next closer proof for the closest encloser
+    // proof.
+    mock_finder->setNSEC3Flag(true);
+    ZoneFinder::FindNSEC3Result nsec3(true, 0, textToRRset(nsec3_apex_txt),
+                                      ConstRRsetPtr());
+    mock_finder->setNSEC3Result(&nsec3);
+
+    EXPECT_THROW(Query(memory_client, Name("www.wild.example.com"),
+                       RRType::A(), response, true).process(),
+                 isc::InvalidParameter);
+}
+
 TEST_F(QueryTest, badWildcardProof1) {
     // Unexpected case in wildcard proof: ZoneFinder::find() returns SUCCESS
     // when NXDOMAIN is expected.

