4249. [func] Improve error reporting of TSIG / SIG(0) records in

the wrong location. [RT #40953]

CHANGES

@@ -1,3 +1,6 @@
+4249.	[func]		Improve error reporting of TSIG / SIG(0) records in
+			the wrong location. [RT #40953]
+
 4248.	[func]		Add an isc_atomic_storeq() function, use it in
 			stats counters to improve performance.
 			[RT #39972] [RT #39979]

lib/dns/include/dns/result.h

@@ -156,8 +156,10 @@
 #define DNS_R_BADCDNSKEY		(ISC_RESULTCLASS_DNS + 112)
 #define DNS_R_OPTERR			(ISC_RESULTCLASS_DNS + 113)
 #define DNS_R_BADDNSTAP			(ISC_RESULTCLASS_DNS + 114)
+#define DNS_R_BADTSIG			(ISC_RESULTCLASS_DNS + 115)
+#define DNS_R_BADSIG0			(ISC_RESULTCLASS_DNS + 116)
 
-#define DNS_R_NRESULTS			115	/*%< Number of results */
+#define DNS_R_NRESULTS			117	/*%< Number of results */
 
 /*
  * DNS wire format rcodes.

lib/dns/message.c

@@ -993,12 +993,12 @@ getrdata(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 	}
 }
 
-#define DO_FORMERR					\
+#define DO_ERROR(r)					\
 	do {						\
 		if (best_effort)			\
 			seen_problem = ISC_TRUE;	\
 		else {					\
-			result = DNS_R_FORMERR;		\
+			result = r;			\
 			goto cleanup;			\
 		}					\
 	} while (0)
@@ -1073,7 +1073,7 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 		 */
 		if (result != ISC_R_SUCCESS) {
 			if (!ISC_LIST_EMPTY(*section))
-				DO_FORMERR;
+				DO_ERROR(DNS_R_FORMERR);
 			ISC_LIST_APPEND(*section, name, link);
 			free_name = ISC_FALSE;
 		} else {
@@ -1102,14 +1102,14 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			msg->state = DNS_SECTION_QUESTION;
 			msg->rdclass = rdclass;
 		} else if (msg->rdclass != rdclass)
-			DO_FORMERR;
+			DO_ERROR(DNS_R_FORMERR);
 
 		/*
 		 * Can't ask the same question twice.
 		 */
 		result = dns_message_find(name, rdclass, rdtype, 0, NULL);
 		if (result == ISC_R_SUCCESS)
-			DO_FORMERR;
+			DO_ERROR(DNS_R_FORMERR);
 
 		/*
 		 * Allocate a new rdatalist.
@@ -1265,7 +1265,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 		    && rdtype != dns_rdatatype_tkey /* Win2000 TKEY */
 		    && msg->rdclass != dns_rdataclass_any
 		    && msg->rdclass != rdclass)
-			DO_FORMERR;
+			DO_ERROR(DNS_R_FORMERR);
 
 		/*
 		 * Special type handling for TSIG, OPT, and TKEY.
@@ -1278,7 +1278,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			if (sectionid != DNS_SECTION_ADDITIONAL ||
 			    rdclass != dns_rdataclass_any ||
 			    count != msg->counts[sectionid]  - 1)
-				DO_FORMERR;
+				DO_ERROR(DNS_R_BADTSIG);
 			msg->sigstart = recstart;
 			skip_name_search = ISC_TRUE;
 			skip_type_search = ISC_TRUE;
@@ -1291,7 +1291,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			if (!dns_name_equal(dns_rootname, name) ||
 			    sectionid != DNS_SECTION_ADDITIONAL ||
 			    msg->opt != NULL)
-				DO_FORMERR;
+				DO_ERROR(DNS_R_FORMERR);
 			skip_name_search = ISC_TRUE;
 			skip_type_search = ISC_TRUE;
 		} else if (rdtype == dns_rdatatype_tkey) {
@@ -1310,7 +1310,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 				tkeysection = DNS_SECTION_ANSWER;
 			if (sectionid != tkeysection &&
 			    sectionid != DNS_SECTION_ANSWER)
-				DO_FORMERR;
+				DO_ERROR(DNS_R_FORMERR);
 		}
 
 		/*
@@ -1370,14 +1370,14 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 		    rdata->flags == 0) {
 			covers = dns_rdata_covers(rdata);
 			if (covers == 0)
-				DO_FORMERR;
+				DO_ERROR(DNS_R_FORMERR);
 		} else if (rdtype == dns_rdatatype_sig /* SIG(0) */ &&
 			   rdata->flags == 0) {
 			covers = dns_rdata_covers(rdata);
 			if (covers == 0) {
 				if (sectionid != DNS_SECTION_ADDITIONAL ||
 				    count != msg->counts[sectionid]  - 1)
-					DO_FORMERR;
+					DO_ERROR(DNS_R_BADSIG0);
 				msg->sigstart = recstart;
 				skip_name_search = ISC_TRUE;
 				skip_type_search = ISC_TRUE;
@@ -1444,7 +1444,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 			 * the question section, fail.
 			 */
 			if (dns_rdatatype_questiononly(rdtype))
-				DO_FORMERR;
+				DO_ERROR(DNS_R_FORMERR);
 
 			rdataset = NULL;
 			result = dns_message_find(name, rdclass, rdtype,
@@ -1470,7 +1470,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
 				first = ISC_LIST_HEAD(rdatalist->rdata);
 				INSIST(first != NULL);
 				if (dns_rdata_compare(rdata, first) != 0)
-					DO_FORMERR;
+					DO_ERROR(DNS_R_FORMERR);
 			}
 		}
 

lib/dns/result.c

@@ -166,7 +166,10 @@ static const char *text[DNS_R_NRESULTS] = {
 	"bad CDS",			       /*%< 111 DNS_R_BADCSD */
 	"bad CDNSKEY",			       /*%< 112 DNS_R_BADCDNSKEY */
 	"malformed OPT option",		       /*%< 113 DNS_R_OPTERR */
-	"malformed DNSTAP data",	       /*%< 114 DNS_R_BADDNSTAP*/
+	"malformed DNSTAP data",	       /*%< 114 DNS_R_BADDNSTAP */
+
+	"TSIG in wrong location",	       /*%< 115 DNS_R_BADTSIG */
+	"SIG(0) in wrong location",	       /*%< 116 DNS_R_BADSIG0 */
 };
 
 static const char *ids[DNS_R_NRESULTS] = {
@@ -289,6 +292,8 @@ static const char *ids[DNS_R_NRESULTS] = {
 	"DNS_R_BADCDNSKEY",
 	"DNS_R_OPTERR",
 	"DNS_R_BADDNSTAP",
+	"DNS_R_BADTSIG",
+	"DNS_R_BADSIG0",
 };
 
 static const char *rcode_text[DNS_R_NRCODERESULTS] = {