Ignore incomplete RRs

SIG resource records were missing methods defined in LDNS.xs because of
a missing use statement in Zonemaster::LDNS::RR.

The salt() method in Zonemaster::LDNS::RR::NSEC3PARAM did not work as
documented.
Like two of those accessor methods in NSEC3 I’ve fixed previously, its
return value is a byte string that starts with an extraneous length
byte, which isn’t necessary.
The unit test for this function compares base64-encoded strings. This
hampers legibility because conversions between hexadecimal strings and
base64 strings are not trivial and only a very astute reader would
notice that the salt() method also had a similar problem.
Also improve the documentation and the unit test coverage for that
method.

The next_owner() method in Zonemaster::LDNS::RR::NSEC3 did not work as
documented.
Its return value was not the value of the next hashed owner name field,
but the same value with the length byte prepended. This choice does not
make the function as useful as one may hope.
This commit ensures that the next_owner() method returns the next hashed
owner name field, and only that.
The unit test for this function compares base64-encoded strings. This
hampers legibility because conversions between base32 and base64 are not
trivial and only a very astute reader would notice that the next_owner()
method had this kind of catch.
As a bonus, add a useful tip in the method’s documentation.

The salt() method in the Zonemaster::LDNS::RR::NSEC3 module never worked
and often caused the Perl interpreter to crash. This commit fixes many
long-standing issues with the affected code.
Firstly, the root cause of the crash is a double free resulting from the
inappropriate use of ldns_rdf_deep_free() in the code. The
ldns_nsec3_salt() function returns a pointer to a ldns_rdf structure
which is just a window into the salt field, not a copy of the data. So
calling ldns_rdf_deep_free() on that ldns_rdf object causes a part of
the original resource record structure to be freed instead. This then
results in a double free when the memory for the resource record object
is deallocated. Calling ldns_rdf_free() instead fixes the crashing.
Secondly, the method doesn’t quite return the salt: it actually returns
a string containing the salt preceded by its length byte. This is
surprising, not as documented and unlikely to be useful. This problem is
fixed by rewriting the entire function so as to return the salt, all the
salt and nothing but the salt.
Thirdly, the method was also insufficiently covered by unit tests. Tests
were added, first to help reproduce the crashes, but also to cover the
case of an NSEC3 with non-empty salt.
Finally, the method returns undef if the salt is empty. Not only is that
documented nowhere, but the choice of doing so is questionable. This
commit changes the behavior somewhat in this case: if the salt is empty,
an empty string is returned instead; the method only returns undef if
there was a problem accessing the salt field.

In Zonemaster::LDNS::RR::NSEC3::covers(), perform a simple sanity check
on resource records before giving them to ldns_nsec_covers_name().
With ldns version 1.8.3, ldns_nsec_covers_name() crashes if the NSEC3
resource record has the root domain as owner name or has an empty next
hashed owner name. Both are cases of invalid NSEC3 resource records that
should be tested for before trying to do anything with them.
While this is technically an ldns bug, we still need some kind of
workaround, especially because Zonemaster::LDNS is linked by default
against a bundled version of ldns.

By definition, no NSEC3 resource record can ever prove the nonexistence
of the root zone. However, calling the covers() method on an object
representing an NSEC3 resource record, with "." as input, caused a
crash. This commit changes the function to return undef in this case,
which can be interpreted as a false value.

Reproduce crashes witnessed in issues #174 and #175. The tests have to
be skipped, however, because they both cause Perl to crash.

Ignore DNSKEY RRs with incalculable key sizes

The `se` and `nic.se` zones have evolved a little. The tests made over
the network using these zones have been slightly updated to fix errors
and be aligned with current zone configuration.

- Allow access to DNAME RR
- Add unitary test

Fix unsafe string manipulations in XS code

Instantiation of a malformed CAA resource record is a guaranteed croak
if and only if the Perl in use is compiled with support for interpreter
threads (-DUSE_ITHREADS). If not, it won’t. So the unit test is modified
to try to convert the bad CAA record back to presentation form, so that
it does become a guaranteed croak.

Add a unit test in packet.t and another one in rr.t to reproduce the
segfaults I observed.
See also issue #149.

Add support for NSID option + update internal LDNS to 1.8.3

SPF resource records are, in essence, TXT resource records with a
different type identifier. The only real difference between SPF and TXT
resource records lies in their uses: TXT is more generic, where SPF was
meant for publishing Sender Policy Framework policies before being
deprecated.
The Zonemaster::LDNS::RR::SPF module suffered from the same problem as
its TXT counterpart, i.e. the spfdata() method only returns the first
string, in presentation format.
For parsing actual SPF policies, however, the behavior of the spfdata()
method is both not very useful as well as incorrect: RFC 7208 states
that the SPF policy is the concatenation of *all* strings in a single
TXT (or SPF) resource record.
So like with the txtdata() method in the TXT package, we entirely
replace the spfdata() method with a correct and pure-Perl
variant.

So far, there has been no real elegant way of accessing the data in DNS
TXT records.
The only existing method, txtdata(), is implemented in XS code and has
several issues. Firstly, it only returns the first string of the TXT
record. Secondly, it returns that string in presentation format, that
is, it returns a string which itself has surrounding quotes and
contains decimal escapes for non-printable characters.
This incorrect implementation is replaced with one in pure
Perl. Normally, the only correct abstraction for TXT resource records is
a list of strings. But for some use cases, such as SPF, DKIM and DMARC,
the TXT record data ought to be treated as a single long string, which
is the concatenation of all the strings in the TXT resource record data,
without adding any spaces between consecutive strings.
To my knowledge, there is no need to access the actual list of strings
in the resource record data. This function could easily be made
context-sensitive (e.g. by returning the list of strings in list
context) if need be.
This commit is also an excellent opportunity to rewrite the unit test
for TXT resource records. The previous version needed Internet
connectivity, but this new version can be run offline.

The `se` and `nic.se` zones have evolved a little. The tests made over
the network using these zones have been slightly updated to fix errors
and be aligned with current zone configuration.

There used to be three name servers for iis.se but now there are only
two. We arbitrarily picked an upper bound for the expected number of
name servers. "It's unlikely there'll be more than six name servers in
the near future."

Updated to adjust for changes in live data and replace fixed value of NS with range. Also updated accepted range of additional records to match range of NS.

* Fixed rr.t so it matches current Internet and changed so that tests that depend on network are not run by default (issue #26)
* .travis.yml is updated so that network tests are always run.
* Updated README.md to document the new solution.

Better to keep things in one place. Feature gates auto-enabled by use
VERSION can be enabled with use feature instead, which is clearer to the
reader anyway.

Sometimes we get really quick replies (less than 1 ms)

This reverts commit ae0b150752c0e025e2a5847f72758ae24ec70601.
Conflicts:
t/dnssec.t
t/optrr.t

* The old hardcoded name server for cyberpomo.com is no longer
responding.
* The .se zone has added another name server.
The real fix is to not depend on the state of the internet. I'm
deferring the real fix for another issue.

0.75.