Remove the rndc testgen command

testgen existed solely to let the rndc system test exercise large response payloads — it has no operator value, accepts an unbounded count, and could be invoked by any read-only rndc client to drive named into memory exhaustion. Drop the command, the gencheck helper that validated its output, and the buffer-size loop in the rndc system test; the remaining rndc subcommands already produce non-trivial responses, so the framing path stays exercised. Assisted-by: Claude:claude-opus-4-7
2026-05-21 17:41:35 -04:00 · 2026-04-29 20:41:20 +02:00 · 2026-04-29 20:41:20 +02:00 · ac79f8cfeb
commit ac79f8cfeb
parent f5853e765f
10 changed files with 3 additions and 160 deletions
--- a/bin/named/control.c
+++ b/bin/named/control.c
@ -116,7 +116,6 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
 	    !command_compare(command, NAMED_COMMAND_NULL) &&
 	    !command_compare(command, NAMED_COMMAND_STATUS) &&
 	    !command_compare(command, NAMED_COMMAND_SHOWZONE) &&
-	    !command_compare(command, NAMED_COMMAND_TESTGEN) &&
 	    !command_compare(command, NAMED_COMMAND_ZONESTATUS))
 	{
 		isc_log_write(NAMED_LOGCATEGORY_GENERAL,
@ -271,8 +270,6 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
 		result = named_server_sync(named_g_server, lex, text);
 	} else if (command_compare(command, NAMED_COMMAND_TCPTIMEOUTS)) {
 		result = named_server_tcptimeouts(lex, text);
-	} else if (command_compare(command, NAMED_COMMAND_TESTGEN)) {
-		result = named_server_testgen(lex, text);
 	} else if (command_compare(command, NAMED_COMMAND_THAW) ||
 		   command_compare(command, NAMED_COMMAND_UNFREEZE))
 	{
--- a/bin/named/include/named/control.h
+++ b/bin/named/include/named/control.h
@ -70,7 +70,6 @@
 #define NAMED_COMMAND_STOP	   "stop"
 #define NAMED_COMMAND_SYNC	   "sync"
 #define NAMED_COMMAND_TCPTIMEOUTS  "tcp-timeouts"
-#define NAMED_COMMAND_TESTGEN	   "testgen"
 #define NAMED_COMMAND_THAW	   "thaw"
 #define NAMED_COMMAND_TRACE	   "trace"
 #define NAMED_COMMAND_UNFREEZE	   "unfreeze"
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@ -361,13 +361,6 @@ isc_result_t
 named_server_nta(named_server_t *server, isc_lex_t *lex, bool readonly,
 		 isc_buffer_t *text);

-/*%
- * Generates a test sequence that is only for use in system tests. The
- * argument is the size of required output in bytes.
- */
-isc_result_t
-named_server_testgen(isc_lex_t *lex, isc_buffer_t *text);
-
 /*%
 * Force fefresh or print status for managed keys zones.
 */
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -11702,40 +11702,6 @@ cleanup:
 	return result;
 }

-isc_result_t
-named_server_testgen(isc_lex_t *lex, isc_buffer_t *text) {
-	isc_result_t result;
-	char *ptr;
-	unsigned long count;
-	unsigned long i;
-	const unsigned char chars[] = "abcdefghijklmnopqrstuvwxyz0123456789";
-
-	REQUIRE(text != NULL);
-
-	/* Skip the command name. */
-	ptr = next_token(lex, text);
-	if (ptr == NULL) {
-		return ISC_R_UNEXPECTEDEND;
-	}
-
-	ptr = next_token(lex, text);
-	if (ptr == NULL) {
-		count = 26;
-	} else {
-		count = strtoul(ptr, NULL, 10);
-	}
-
-	CHECK(isc_buffer_reserve(text, count));
-	for (i = 0; i < count; i++) {
-		CHECK(putuint8(text, chars[i % (sizeof(chars) - 1)]));
-	}
-
-	CHECK(putnull(text));
-
-cleanup:
-	return result;
-}
-
 /*
 * Act on a "sign" or "loadkeys" command from the command channel.
 */
--- a/bin/tests/system/isctest/vars/basic.py
+++ b/bin/tests/system/isctest/vars/basic.py
@ -46,7 +46,6 @@ BASIC_VARS = {
    "VERIFY": f"{BUILD_VARS['TOP_BUILDDIR']}/dnssec-verify",
    "WIRETEST": f"{BUILD_VARS['TOP_BUILDDIR']}/wire-test",
    "BIGKEY": f"{BUILD_VARS['TOP_BUILDDIR']}/bigkey",
-    "GENCHECK": f"{BUILD_VARS['TOP_BUILDDIR']}/gencheck",
    "PIPEQUERIES": f"{BUILD_VARS['TOP_BUILDDIR']}/pipequeries",
    "TMPDIR": os.getenv("TMPDIR", "/tmp"),
    "KRB5_CONFIG": "/dev/null",  # we don't want a KRB5_CONFIG setting breaking the tests
--- a/bin/tests/system/meson.build
+++ b/bin/tests/system/meson.build
@ -22,7 +22,6 @@ subdir('isctest' / 'vars' / '.build_vars')
 system_test_binaries += {
    # 'bigkey': files('rsabigexponent' / 'bigkey.c'),
    'feature-test': files('feature-test.c'),
-    'gencheck': files('rndc' / 'gencheck.c'),
    'pipequeries': files('pipelined' / 'pipequeries.c'),
    'wire-test': files('wire-test.c'),
 }
--- a/bin/tests/system/rndc/.gitignore
+++ b/bin/tests/system/rndc/.gitignore
@ -1 +0,0 @@
-/gencheck
--- a/bin/tests/system/rndc/gencheck.c
+++ b/bin/tests/system/rndc/gencheck.c
@ -1,88 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#define USAGE "usage: gencheck <filename>\n"
-
-static int
-check(const char *buf, ssize_t count, size_t *start) {
-	const char chars[] = "abcdefghijklmnopqrstuvwxyz0123456789";
-	ssize_t i;
-
-	for (i = 0; i < count; i++, *start = (*start + 1) % (sizeof(chars) - 1))
-	{
-		/* Just ignore the trailing newline */
-		if (buf[i] == '\n') {
-			continue;
-		}
-		if (buf[i] != chars[*start]) {
-			return 0;
-		}
-	}
-
-	return 1;
-}
-
-int
-main(int argc, char **argv) {
-	int ret;
-	int fd;
-	ssize_t count;
-	char buf[1024];
-	size_t start;
-	size_t length;
-
-	ret = EXIT_FAILURE;
-	fd = -1;
-	length = 0;
-
-	if (argc != 2) {
-		fprintf(stderr, USAGE);
-		goto out;
-	}
-
-	fd = open(argv[1], O_RDONLY);
-	if (fd == -1) {
-		goto out;
-	}
-
-	start = 0;
-	while ((count = read(fd, buf, sizeof(buf))) != 0) {
-		if (count < 0) {
-			goto out;
-		}
-
-		if (!check(buf, count, &start)) {
-			goto out;
-		}
-
-		length += count;
-	}
-
-	ret = EXIT_SUCCESS;
-
-out:
-	printf("%lu\n", (unsigned long)length);
-
-	if (fd != -1) {
-		close(fd);
-	}
-
-	return ret;
-}
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@ -527,30 +527,10 @@ grep 'unknown class' rndc.out.4.test$n >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

-for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288; do
-  n=$((n + 1))
-  echo_i "testing rndc buffer size limits (size=${i}) ($n)"
-  ret=0
-  $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 >rndc.out.$i.test$n || ret=1
-  {
-    actual_size=$($GENCHECK rndc.out.$i.test$n)
-    rc=$?
-  } || true
-  if [ "$rc" = "0" ]; then
-    expected_size=$((i + 1))
-    if [ $actual_size != $expected_size ]; then ret=1; fi
-  else
-    ret=1
-  fi
-
-  if [ $ret != 0 ]; then echo_i "failed"; fi
-  status=$((status + ret))
-done
-
 n=$((n + 1))
 echo_i "testing rndc -r (show result) ($n)"
 ret=0
-$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r testgen 0 2>&1 >rndc.out.1.test$n || ret=1
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r null 2>&1 >rndc.out.1.test$n || ret=1
 grep "ISC_R_SUCCESS 0" rndc.out.1.test$n >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -527,9 +527,8 @@ and retrieve non-DNS results from a name server.
 ``read-only``
   If the ``read-only`` argument is ``on``, the control channel is limited
   to the following set of read-only commands: ``nta -dump``, :any:`null`,
-   ``status``, ``showzone``, ``testgen``, and ``zonestatus``. By default,
-   ``read-only`` is not enabled and the control channel allows read-write
-   access.
+   ``status``, ``showzone``, and ``zonestatus``. By default, ``read-only``
+   is not enabled and the control channel allows read-write access.

 If no :any:`controls` statement is present, :iscman:`named` sets up a default
 control channel listening on the loopback address 127.0.0.1 and its IPv6