author | Marc van der Wal <103426270+marc-vanderwal@users.noreply.github.com> | 2022-11-28 07:58:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-28 07:58:01 +0100 |
commit | 1562cd139a61ffd51656961d938b1b47d23e090a (patch) | |
tree | 1d1ba57aa5802aa860593eab132b49b70cde9316 /t | |
parent | 1fd032c2c914bb9c6c964fef1eec8e6998032a4b (diff) | |
parent | 65a7ce9e5d5faba1926b25bb2f173951b55fcd08 (diff) |
Merge pull request #153 from marc-vanderwal/bugfix/#149
Fix unsafe string manipulations in XS code
Diffstat (limited to 't')
-rw-r--r-- | t/packet.t | 31 | ||||
-rw-r--r-- | t/rr.t | 11 |
2 files changed, 42 insertions, 0 deletions
@@ -28,4 +28,35 @@ is($p->answerfrom, undef, 'No answerfrom');
 $p->answerfrom('127.0.0.1');
 is($p->answerfrom, '127.0.0.1', 'Localhost');
+subtest "croak when stringifying packet with malformed CAA" => sub {
+ my $will_croak = sub {
+ # Constructing a synthetic packet that would have the following string
+ # representation in dig-like format:
+ #
+ # ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 13944
+ # ;; flags: qr aa ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
+ # ;; QUESTION SECTION:
+ # ;; bad-caa.example. IN CAA
+ #
+ # ;; ANSWER SECTION:
+ # bad-caa.example. 3600 IN CAA \# 4 C0000202
+ #
+ # ;; AUTHORITY SECTION:
+ #
+ # ;; ADDITIONAL SECTION:
+ my $packet_bin = pack(
+ 'H*',
+ '367884000001000100000000' . # header
+ '076261642d636161076578616d706c650001010001' . # question
+ 'c00c0101000100000e100004c0000202' # bad answer
+ );
+
+ my $packet = Zonemaster::LDNS::Packet->new_from_wireformat( $packet_bin );
+
+ # This must croak
+ $packet->string;
+ };
+ like( exception { $will_croak->() }, qr/^Failed to convert packet to string/ );
+};
+
 done_testing();
@@ -235,4 +235,15 @@ subtest 'SPF' => sub {
 };
+subtest 'croak when given malformed CAA records' => sub {
+ my $will_croak = sub {
+ # This will croak if LDNS.xs is compiled with -DUSE_ITHREADS
+ my $bad_caa = Zonemaster::LDNS::RR->new(
+ 'bad-caa.example. 3600 IN CAA \# 4 C0000202' );
+ # This will always croak
+ $bad_caa->string();
+ };
+ like( exception { $will_croak->() }, qr/^Failed to convert RR to string/ );
+};
+
 done_testing; |
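Review bot: Only the failure path is pinned by the subtest added to t/packet.t; nothing visible in this hunk checks that a well-formed CAA answer built the same way still stringifies, so a regression that made `string` croak on every CAA record would still pass here (unless that is covered earlier in the file, outside the hunk). A positive control next to it would close that gap, for example `is( exception { $good_packet->string }, undef, 'well-formed CAA packet stringifies' );`, where `$good_packet` is an illustrative name for a packet packed from valid RDATA. The `like(...)` call also carries no test name; something like `'string() croaks on malformed CAA RDATA'` makes a harness failure self-explanatory. The `like(...)` in the t/rr.t hunk has the same missing name.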
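Review bot: In the t/rr.t subtest, `Zonemaster::LDNS::RR->new(...)` and `$bad_caa->string()` share one `$will_croak` closure, so the single `like` cannot tell which call threw. According to the comment in the hunk, on builds compiled with -DUSE_ITHREADS the constructor croaks first and `string()` is never reached, which leaves the standalone-RR string conversion unexercised on those builds. Capturing the constructor's exception separately and asserting on `string()` only when construction succeeded keeps both build variants meaningful and names the call that failed. The sketch assumes the constructor croaks with the same message prefix, as the existing regex implies.

```perl
subtest 'croak when given malformed CAA records' => sub {
    my $bad_caa;

    # Croaks here only if LDNS.xs is compiled with -DUSE_ITHREADS
    my $new_error = exception {
        $bad_caa = Zonemaster::LDNS::RR->new(
            'bad-caa.example. 3600 IN CAA \# 4 C0000202' );
    };

    if ( defined $new_error ) {
        like( $new_error, qr/^Failed to convert RR to string/,
            'new() croaks on malformed CAA' );
    }
    else {
        like( exception { $bad_caa->string() },
            qr/^Failed to convert RR to string/,
            'string() croaks on malformed CAA' );
    }
};
```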