upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 06:09:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add system tests that imports invalid SKR file

Browse source 
Try to import invalid SKR file and observe whether the named is still
alive.  This test only triggers under ASAN.
This commit is contained in:
Ondřej Surý 2026-02-22 07:27:07 +01:00
parent 8ab4827a0c
commit a82773ea89
3 changed files with 39 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
bin/tests/system/ksr/ns1/named.conf.j2
View file

@ -93,3 +93,17 @@ dnssec-policy "ksk-roll" {
zsk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "invalid-skr" {
offline-ksk yes;
keys {
ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
zsk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
zone "invalid-skr.test" {
type primary;
file "invalid-skr.test.db";
dnssec-policy "invalid-skr";
};

1
bin/tests/system/ksr/ns1/setup.sh
View file

@ -27,3 +27,4 @@ cp template.db.in in-the-middle.test.db
cp template.db.in unlimited.test.db
cp template.db.in two-tone.test.db
cp template.db.in ksk-roll.test.db
cp template.db.in invalid-skr.test.db

24
bin/tests/system/ksr/tests_ksr.py
View file

@ -34,6 +34,7 @@ pytestmark = pytest.mark.extra_artifacts(
"past.test.*",
"two-tone.test.*",
"unlimited.test.*",
"invalid-skr.test.*",
"ns1/K*",
"ns1/_default.nzd",
"ns1/_default.nzf",
@ -77,6 +78,11 @@ pytestmark = pytest.mark.extra_artifacts(
"ns1/unlimited.test.db.signed",
"ns1/unlimited.test.db.signed.jnl",
"ns1/unlimited.test.unlimited.skr.1",
"ns1/invalid-skr.test.db",
"ns1/invalid-skr.test.db.jbk",
"ns1/invalid-skr.test.db.signed",
"ns1/invalid-skr.test.db.signed.jnl",
"ns1/invalid-skr.test.skr.1",
]
)
@ -1298,3 +1304,21 @@ def test_ksr_kskroll(ns1):
isctest.kasp.check_apex(ns1, zone, ksks, zsks, offline_ksk=True)
# - check subdomain
isctest.kasp.check_subdomain(ns1, zone, ksks, zsks, offline_ksk=True)
def test_ksr_oversize(ns1):
zone = "invalid-skr.test"
n = 1
skr_fname = f"{zone}.skr.{n}"
token_len = 5000
with open(skr_fname, "w", encoding="utf-8") as skr:
huge_token = "A" * token_len
skr.write(f";; SignedKeyResponse 1.0 {huge_token}\n")
# - try importing invalid SKR file
shutil.copyfile(skr_fname, f"ns1/{skr_fname}")
ns1.rndc(f"skr -import {skr_fname} {zone}")
# - check if named is still running
ns1.rndc("status")