BIND 10 #910: TSIG + TC bit support
BIND 10 Development
do-not-reply at isc.org
Thu Jul 14 07:32:17 UTC 2011
#910: TSIG + TC bit support
-------------------------------------+-------------------------------------
Reporter: jinmei                     | Owner: jinmei
Type: enhancement                    | Status: accepted
Priority: major                      | Milestone: Sprint-20110802
Component: DNSPacket API             | Resolution:
Keywords:                            | Sensitive: 0
Defect Severity: N/A                 | Sub-Project: DNS
Feature Depending on Ticket:         | Estimated Difficulty: 4.0
Add Hours to Ticket: 0               | Total Hours: 0
Internal?: 0                         |
-------------------------------------+-------------------------------------
Comment (by jinmei):
trac910 is ready for review.
This branch consists of several not-directly-related sets of changes,
which unfortunately makes the total diff a bit big.
- the first two commits extend TSIGContext class so that the Message
class can detect the expected length of TSIG RR.
- most of the remaining changes are for the Message::toWire() so that
the truncation case will be handled correctly. Python test cases
are straightforward mapping from the corresponding C++ tests, so
hopefully this fact reduces review load.
- commit 146c48 is an exception. It's not directly related to
TSIG+TC, but is necessary to handle a corner case scenario. I
considered an option of deferring this change and the corner case
handling, but that would open up a possibility of making the
toWire() logic cause an unexpected exception, which would be a
remotely exploitable DoS to the auth server. So I decided to
include the entire set.
The proposed change entry is as follows:
{{{
269.? [func] jinmei
libdns++/pydnspp: TSIG signing now handles truncated DNS messages
(i.e. with TC bit on) with TSIG correctly.
(Trac #910, git TBD)
}}}
--
Ticket URL: <http://bind10.isc.org/ticket/910#comment:7>
BIND 10 Development <http://bind10.isc.org>
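The idea in the comment above (the renderer must know the TSIG RR length before it decides where to truncate) can be sketched as follows. This is an added example, not code from the trac910 branch or from libdns++/pydnspp; the function names, the key name and the sample records are constructed for illustration, and the TSIG layout follows RFC 2845.

```python
import struct

TC = 0x0200  # truncation bit in the DNS header flags word

def name_wire_len(name):
    """Uncompressed wire length of a name (TSIG names are not compressed)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1  # length octets + root label

def tsig_rr_len(key_name, algorithm, mac_size, other_len=0):
    """Wire length of a TSIG RR (RFC 2845 layout), computable before signing."""
    fixed_rr = 2 + 2 + 4 + 2             # TYPE, CLASS, TTL, RDLENGTH
    fixed_rdata = 6 + 2 + 2 + 2 + 2 + 2  # time, fudge, MAC size, orig ID, error, other len
    return (name_wire_len(key_name) + fixed_rr + name_wire_len(algorithm)
            + fixed_rdata + mac_size + other_len)

def render(msg_id, flags, question, answers, max_size, tsig_len=0):
    """Render header, question and the answer RRs that fit with tsig_len reserved."""
    budget = max_size - tsig_len
    used = 12 + len(question)
    if used > budget:
        # Checked up front so the caller gets one well-defined error to handle
        # (this example's choice) instead of a failure midway through rendering.
        raise ValueError("size limit cannot hold header, question and TSIG")
    body = []
    for rr in answers:
        if used + len(rr) > budget:
            flags |= TC  # signal truncation; the TSIG RR still fits afterwards
            break
        body.append(rr)
        used += len(rr)
    # ARCOUNT stays 0 here; the signer increments it when appending the TSIG RR.
    header = struct.pack("!6H", msg_id, flags, 1, len(body), 0, 0)
    return header + question + b"".join(body)

# Constructed sample data: one question and 40 compressed A records.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
ANSWERS = [struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 192, 0, 2, i)
           for i in range(40)]

if __name__ == "__main__":
    tsig = tsig_rr_len("test-key.example", "hmac-sha256", 32)
    wire = render(0x1234, 0x8400, QUESTION, ANSWERS, 512, tsig)
    print(tsig, len(wire), len(wire) + tsig <= 512)
```

Without the reservation the same input fills the 512-octet limit with answer records and leaves no room for the signature.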