fixup crashy.

git-svn-id: file:///svn/unbound/trunk@685 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2007-10-17 14:22:14 +00:00
parent a4d4d0fe3a
commit 108539c94c
3 changed files with 136 additions and 7 deletions


@ -8,6 +8,8 @@
- changed random generator from random(3) clone to arc4random wrapped - changed random generator from random(3) clone to arc4random wrapped
for thread safety. The random generator is initialised with for thread safety. The random generator is initialised with
entropy from the system. entropy from the system.
- fix crash where failure to prime DNSKEY tried to print null pointer
in the log message.
16 October 2007: Wouter 16 October 2007: Wouter
- no malloc in log_hex. - no malloc in log_hex.

125
testdata/val_faildnskey.rpl vendored Normal file

@ -0,0 +1,125 @@
; config options
; The island of trust is at example.com
server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test validator with failed DNSKEY request
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
;REPLY QR AA NOERROR
REPLY QR AA SERVFAIL
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
;example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
;SECTION AUTHORITY
;example.com. IN NS ns.example.com.
;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
;SECTION ADDITIONAL
;ns.example.com. IN A 1.2.3.4
;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
ENTRY_END
SCENARIO_END
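Review bot: The STEP 10 CHECK_ANSWER entry expects `REPLY QR RD RA NOERROR` with the full answer and no AD flag, so this scenario pins down more than the absence of a crash. It asserts that a SERVFAIL on the `example.com. IN DNSKEY` priming query still lets a name under the configured trust anchor be answered, apparently without validation. If that fail-open result is the intended behaviour for now, say so in the file, for example `; expected: answer without AD, trust anchor could not be primed` above `STEP 10 CHECK_ANSWER`, so that a later change towards rejecting such answers updates this test knowingly. The commented-out DNSKEY records under `;REPLY QR AA NOERROR` look like leftovers from the scenario this was copied from and could be dropped or labelled as such.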


@ -1662,8 +1662,9 @@ primeResponseToKE(int rcode, struct dns_msg* msg, struct trust_anchor* ta,
ta->dclass); ta->dclass);
} }
if(!dnskey_rrset) { if(!dnskey_rrset) {
log_query_info(VERB_OPS, "failed to prime trust anchor -- " log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- "
"could not fetch DNSKEY rrset", &msg->qinfo); "could not fetch DNSKEY rrset",
ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass);
kkey = key_entry_create_null(qstate->region, ta->name, kkey = key_entry_create_null(qstate->region, ta->name,
ta->namelen, ta->dclass, NULL_KEY_TTL); ta->namelen, ta->dclass, NULL_KEY_TTL);
if(!kkey) { if(!kkey) {
@ -1703,8 +1704,9 @@ primeResponseToKE(int rcode, struct dns_msg* msg, struct trust_anchor* ta,
} }
if(sec != sec_status_secure) { if(sec != sec_status_secure) {
log_query_info(VERB_OPS, "failed to prime trust anchor -- " log_nametypeclass(VERB_OPS, "failed to prime trust anchor -- "
"could not fetch secure DNSKEY rrset", &msg->qinfo); "could not fetch secure DNSKEY rrset",
ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass);
/* NOTE: in this case, we should probably reject the trust /* NOTE: in this case, we should probably reject the trust
* anchor for longer, perhaps forever. */ * anchor for longer, perhaps forever. */
kkey = key_entry_create_null(qstate->region, ta->name, kkey = key_entry_create_null(qstate->region, ta->name,
@ -1717,8 +1719,8 @@ primeResponseToKE(int rcode, struct dns_msg* msg, struct trust_anchor* ta,
return kkey; return kkey;
} }
log_query_info(VERB_ALGO, "Successfully primed trust anchor", log_nametypeclass(VERB_ALGO, "Successfully primed trust anchor",
&msg->qinfo); ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass);
/* store the freshly primed entry in the cache */ /* store the freshly primed entry in the cache */
key_cache_insert(ve->kcache, kkey); key_cache_insert(ve->kcache, kkey);
return kkey; return kkey;
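Review bot: Nothing in primeResponseToKE records that `msg` may be NULL when the priming query fails, which appears to be the condition the changelog entry describes and the reason the `!dnskey_rrset` branch in the first hunk no longer passes `&msg->qinfo` to the logger. A failed upstream lookup is something a remote server can cause, so the contract is worth stating where the next edit will see it: `/* msg can be NULL if the priming query failed; log ta->name and ta->dclass, never msg->qinfo */` above the `if(!dnskey_rrset)` test. The lookup that sets `dnskey_rrset` sits above the hunk, so whether it guards `msg` before reading it cannot be checked from here and should be confirmed. The function begins and ends outside these hunks.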