BIND 10 trac2521, updated. 4c8efe3ad82e6f62f663579c4e792f70db7012bc [2521] Handle space-separated base-64 digest in DHCID, per Jinmei's review.
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Apr 26 01:48:39 UTC 2013
The branch, trac2521 has been updated
via 4c8efe3ad82e6f62f663579c4e792f70db7012bc (commit)
via 3bfd98d48a7b8e132931a950cf5d52ae1b324159 (commit)
via d06ff546486bc123c1fafbe8b20bb5e60557970c (commit)
from 858d5facb7af996524fed919231d5ff55ad54aa4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4c8efe3ad82e6f62f663579c4e792f70db7012bc
Author: Paul Selkirk <pselkirk at isc.org>
Date: Thu Apr 25 21:44:49 2013 -0400
[2521] Handle space-separated base-64 digest in DHCID, per Jinmei's review.
Also added more DHCID base-64 unittest cases.
commit 3bfd98d48a7b8e132931a950cf5d52ae1b324159
Author: Paul Selkirk <pselkirk at isc.org>
Date: Thu Apr 25 21:40:57 2013 -0400
[2521] Rearrange RRSIG parser error handling, per Jinmei's review.
Also handle space-separated base-64 in RRSIG signature field.
Also add more RRSIG unittest cases.
commit d06ff546486bc123c1fafbe8b20bb5e60557970c
Author: Paul Selkirk <pselkirk at isc.org>
Date: Thu Apr 25 20:38:13 2013 -0400
[2521] doc cleanup for OPT, per Jinmei's review
-----------------------------------------------------------------------
Summary of changes:
src/lib/dns/rdata/generic/opt_41.cc | 6 +++-
src/lib/dns/rdata/generic/rrsig_46.cc | 54 ++++++++++++++++-------------
src/lib/dns/rdata/generic/rrsig_46.h | 6 ++++
src/lib/dns/rdata/in_1/dhcid_49.cc | 24 ++++++++-----
src/lib/dns/tests/rdata_dhcid_unittest.cc | 20 ++++++++++-
src/lib/dns/tests/rdata_rrsig_unittest.cc | 47 +++++++++++++++++++++++--
6 files changed, 119 insertions(+), 38 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/dns/rdata/generic/opt_41.cc b/src/lib/dns/rdata/generic/opt_41.cc
index a44cb9b..136bdf9 100644
--- a/src/lib/dns/rdata/generic/opt_41.cc
+++ b/src/lib/dns/rdata/generic/opt_41.cc
@@ -20,7 +20,6 @@
#include <dns/messagerenderer.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
-#include <dns/rdata/generic/detail/lexer_util.h>
using namespace std;
using namespace isc::util;
@@ -30,6 +29,8 @@ using namespace isc::util;
/// \brief Constructor from string.
///
+/// This constructor cannot be used, and always throws an exception.
+///
/// \throw InvalidRdataText OPT RR cannot be constructed from text.
OPT::OPT(const std::string&) {
isc_throw(InvalidRdataText, "OPT RR cannot be constructed from text");
@@ -37,6 +38,8 @@ OPT::OPT(const std::string&) {
/// \brief Constructor with a context of MasterLexer.
///
+/// This constructor cannot be used, and always throws an exception.
+///
/// \throw InvalidRdataText OPT RR cannot be constructed from text.
OPT::OPT(MasterLexer&, const Name*,
MasterLoader::Options, MasterLoaderCallbacks&)
@@ -61,6 +64,7 @@ OPT::OPT(const OPT&) : Rdata() {
std::string
OPT::toText() const {
+ // OPT records do not have a text format.
return ("");
}
diff --git a/src/lib/dns/rdata/generic/rrsig_46.cc b/src/lib/dns/rdata/generic/rrsig_46.cc
index 1f9ebae..f4022a8 100644
--- a/src/lib/dns/rdata/generic/rrsig_46.cc
+++ b/src/lib/dns/rdata/generic/rrsig_46.cc
@@ -77,43 +77,48 @@ struct RRSIGImpl {
// helper function for string and lexer constructors
void
RRSIG::createFromLexer(MasterLexer& lexer, const Name* origin) {
- const string covered_txt =
- lexer.getNextToken(MasterToken::STRING).getString();
- const uint32_t algorithm = lexer.getNextToken(MasterToken::NUMBER).
- getNumber();
- const uint32_t labels = lexer.getNextToken(MasterToken::NUMBER).
- getNumber();
- const uint32_t originalttl =
- RRTTL(lexer.getNextToken(MasterToken::STRING).getString()).getValue();
- const string expire_txt =
- lexer.getNextToken(MasterToken::STRING).getString();
- const string inception_txt =
- lexer.getNextToken(MasterToken::STRING).getString();
- const uint32_t tag =
+ const RRType covered(lexer.getNextToken(MasterToken::STRING).getString());
+ const uint32_t algorithm =
lexer.getNextToken(MasterToken::NUMBER).getNumber();
- const Name signer = createNameFromLexer(lexer, origin);
- const string signature_txt =
- lexer.getNextToken(MasterToken::STRING).getString();
-
if (algorithm > 0xff) {
isc_throw(InvalidRdataText, "RRSIG algorithm out of range");
}
+ const uint32_t labels =
+ lexer.getNextToken(MasterToken::NUMBER).getNumber();
if (labels > 0xff) {
isc_throw(InvalidRdataText, "RRSIG labels out of range");
}
+ const uint32_t originalttl =
+ RRTTL(lexer.getNextToken(MasterToken::STRING).getString()).getValue();
+ const uint32_t timeexpire =
+ timeFromText32(lexer.getNextToken(MasterToken::STRING).getString());
+ const uint32_t timeinception =
+ timeFromText32(lexer.getNextToken(MasterToken::STRING).getString());
+ const uint32_t tag =
+ lexer.getNextToken(MasterToken::NUMBER).getNumber();
if (tag > 0xffff) {
isc_throw(InvalidRdataText, "RRSIG key tag out of range");
}
-
- const uint32_t timeexpire = timeFromText32(expire_txt);
- const uint32_t timeinception = timeFromText32(inception_txt);
+ const Name signer = createNameFromLexer(lexer, origin);
+ string signature_txt =
+ lexer.getNextToken(MasterToken::STRING).getString();
+ // RFC4034 says "Whitespace is allowed within the Base64 text."
+ // So read to the end of input.
+ while (true) {
+ const MasterToken& token = lexer.getNextToken();
+ if (token.getType() != MasterToken::STRING) {
+ break;
+ }
+ signature_txt.append(token.getString());
+ }
+ lexer.ungetToken();
vector<uint8_t> signature;
decodeBase64(signature_txt, signature);
- impl_ = new RRSIGImpl(RRType(covered_txt), algorithm, labels,
- originalttl, timeexpire, timeinception,
- static_cast<uint16_t>(tag), signer, signature);
+ impl_ = new RRSIGImpl(covered, algorithm, labels,
+ originalttl, timeexpire, timeinception,
+ static_cast<uint16_t>(tag), signer, signature);
}
/// \brief Constructor from string.
@@ -161,7 +166,8 @@ RRSIG::RRSIG(const std::string& rrsig_str) :
///
/// The Original TTL field can be either a valid decimal representation of an
/// unsigned 32-bit integer or other valid textual representation of \c RRTTL
-/// such as "1H" (which means 3600).
+/// such as "1H" (which means 3600). Note that this differs from BIND 9,
+/// which only allows the Original TTL field to be expressed in seconds.
///
/// \throw MasterLexer::LexerError General parsing error such as missing field.
/// \throw Other Exceptions from the Name and RRTTL constructors if
diff --git a/src/lib/dns/rdata/generic/rrsig_46.h b/src/lib/dns/rdata/generic/rrsig_46.h
index 6d66bed..86c4448 100644
--- a/src/lib/dns/rdata/generic/rrsig_46.h
+++ b/src/lib/dns/rdata/generic/rrsig_46.h
@@ -32,6 +32,12 @@
struct RRSIGImpl;
+/// \brief \c rdata::RRSIG class represents the RRSIG RDATA as defined %in
+/// RFC4034.
+///
+/// This class implements the basic interfaces inherited from the abstract
+/// \c rdata::Rdata class, and provides trivial accessors specific to the
+/// RRSIG RDATA.
class RRSIG : public Rdata {
public:
// BEGIN_COMMON_MEMBERS
diff --git a/src/lib/dns/rdata/in_1/dhcid_49.cc b/src/lib/dns/rdata/in_1/dhcid_49.cc
index dc292c6..fee90b1 100644
--- a/src/lib/dns/rdata/in_1/dhcid_49.cc
+++ b/src/lib/dns/rdata/in_1/dhcid_49.cc
@@ -33,8 +33,15 @@ using namespace isc::util::encode;
void
DHCID::createFromLexer(MasterLexer& lexer) {
- const string digest_txt =
- lexer.getNextToken(MasterToken::STRING).getString();
+ string digest_txt = lexer.getNextToken(MasterToken::STRING).getString();
+ while (true) {
+ const MasterToken& token = lexer.getNextToken();
+ if (token.getType() != MasterToken::STRING) {
+ break;
+ }
+ digest_txt.append(token.getString());
+ }
+ lexer.ungetToken();
decodeBase64(digest_txt, digest_);
// RFC4701 states DNS software should consider the RDATA section to
@@ -67,13 +74,12 @@ DHCID::DHCID(const std::string& dhcid_str) {
std::istringstream iss(dhcid_str);
MasterLexer lexer;
lexer.pushSource(iss);
-
- createFromLexer(lexer);
-
- if (lexer.getNextToken().getType() != MasterToken::END_OF_FILE) {
- isc_throw(InvalidRdataText, "extra input text for DHCID: "
- << dhcid_str);
- }
+ createFromLexer(lexer);
+ // RFC4701 says we have to support white-space-separated substrings,
+ // so we have to read to the end of input. Therefore, we can't detect
+ // extra input past the end of the digest. OTOH, extra text is likely
+ // to result in a base64 decoding error, so BadValue will be thrown in
+ // that case.
} catch (const MasterLexer::LexerError& ex) {
isc_throw(InvalidRdataText, "Failed to construct DHCID from '" <<
dhcid_str << "': " << ex.what());
diff --git a/src/lib/dns/tests/rdata_dhcid_unittest.cc b/src/lib/dns/tests/rdata_dhcid_unittest.cc
index 8d56c0e..2f2d38c 100644
--- a/src/lib/dns/tests/rdata_dhcid_unittest.cc
+++ b/src/lib/dns/tests/rdata_dhcid_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
@@ -43,6 +43,24 @@ TEST_F(Rdata_DHCID_Test, createFromString) {
EXPECT_EQ(0, rdata_dhcid2.compare(rdata_dhcid));
}
+TEST_F(Rdata_DHCID_Test, spaceSeparatedBase64) {
+ const in::DHCID rdata_dhcid2(
+ "0LIg0LvQtdGB0YMg 0YDQvtC00LjQu9Cw 0YHRjCDRkdC70L7R h9C60LA=");
+ EXPECT_EQ(0, rdata_dhcid2.compare(rdata_dhcid));
+}
+
+TEST_F(Rdata_DHCID_Test, multiLineBase64) {
+ const in::DHCID rdata_dhcid2(
+ "( 0LIg0LvQtdGB0YMg0YDQvtC00LjQu9Cw\n0YHRjCDRkdC70L7R h9C60LA= )");
+ EXPECT_EQ(0, rdata_dhcid2.compare(rdata_dhcid));
+}
+
+TEST_F(Rdata_DHCID_Test, extraText) {
+ EXPECT_THROW(const in::DHCID rdata_dhcid2(
+ "0LIg0LvQtdGB0YMg 0YDQvtC00LjQu9Cw 0YHRjCDRkdC70L7R h9C60LA="
+ " superextrabogustext"), isc::BadValue);
+}
+
TEST_F(Rdata_DHCID_Test, badBase64) {
EXPECT_THROW(const in::DHCID rdata_dhcid_bad("00"), isc::BadValue);
}
diff --git a/src/lib/dns/tests/rdata_rrsig_unittest.cc b/src/lib/dns/tests/rdata_rrsig_unittest.cc
index 1d84339..f28d86b 100644
--- a/src/lib/dns/tests/rdata_rrsig_unittest.cc
+++ b/src/lib/dns/tests/rdata_rrsig_unittest.cc
@@ -55,9 +55,43 @@ TEST_F(Rdata_RRSIG_Test, fromText) {
EXPECT_EQ(isc::dns::RRType::A(), rdata_rrsig.typeCovered());
}
+TEST_F(Rdata_RRSIG_Test, spaceSeparatedBase64) {
+ const generic::RRSIG sig(
+ "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+ "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz "
+ "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/ "
+ "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU "
+ "f49t+sXKPzbipN9g+s1ZPiIyofc=");
+ EXPECT_EQ(rrsig_txt, sig.toText());
+}
+
+TEST_F(Rdata_RRSIG_Test, multiLineBase64) {
+ const generic::RRSIG sig(
+ "A 5 4 43200 20100223214617 20100222214617 8496 isc.org. "
+ "( evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz\n"
+ "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/\n"
+ "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU\n"
+ "f49t+sXKPzbipN9g+s1ZPiIyofc= )");
+ EXPECT_EQ(rrsig_txt, sig.toText());
+}
+
TEST_F(Rdata_RRSIG_Test, badText) {
// missing fields
- EXPECT_THROW(const generic::RRSIG sig("SPORK"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("SPORK"), InvalidRRType);
+ EXPECT_THROW(const generic::RRSIG sig("A"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 20100223214617"),
+ InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 20100223214617 "
+ "20100222214617"), InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 20100223214617 "
+ "20100222214617 8496"),
+ InvalidRdataText);
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 20100223214617 "
+ "20100222214617 8496 isc.org."),
+ InvalidRdataText);
// bad algorithm
EXPECT_THROW(const generic::RRSIG sig("A 555 4 43200 "
"20100223214617 20100222214617 8496 isc.org. "
@@ -79,9 +113,16 @@ TEST_F(Rdata_RRSIG_Test, badText) {
"diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
"NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
"f49t+sXKPzbipN9g+s1ZPiIyofc="), InvalidRRTTL);
- // bad signature expiration, inception
+ // bad signature expiration
+ EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 "
+ "20100223 20100222214617 8496 isc.org. "
+ "evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
+ "diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
+ "NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
+ "f49t+sXKPzbipN9g+s1ZPiIyofc="), InvalidTime);
+ // bad signature inception
EXPECT_THROW(const generic::RRSIG sig("A 5 4 43200 "
- "20100223 20100227 8496 isc.org. "
+ "20100223214617 20100227 8496 isc.org. "
"evxhlGx13mpKLVkKsjpGzycS5twtIoxOmlN14w9t5AgzGBmz"
"diGdLIrFabqr72af2rUq+UDBKMWXujwZTZUTws32sVldDPk/"
"NbuacJM25fQXfv5mO3Af7TOoow3AjMaVG9icjCW0V55WcWQU"
More information about the bind10-changes
mailing list