When decoding a HIP resource record, 'base64.StdEncoding.DecodedLen' can return a length larger than the length of the decoded public key. This change decodes the public key and retrieves the correct length. In our tests, the public key length was being set to 33, instead of 32. Below is our offending resource record:
'23b5993f649c0827.a.b.c. 3600 IN HIP 5 200100100020001523B5993F649C0827 Cm6k4jhir9YYoKq9JDqD3Ob1hBfCuwbWam1igFPhkGg='
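The 33-versus-32 mismatch described above can be reproduced with the standard library alone. The following is an added example, not code from the library or the commit; `hipLengths` and `parseHIPLengths` are hypothetical names, and the field layout is assumed from RFC 8005.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// hipLengths holds the two length fields of HIP RDATA (RFC 8005).
type hipLengths struct {
	HitLength       uint8
	PublicKeyLength uint16
}

// parseHIPLengths takes "<pk-algorithm> <hex HIT> <base64 key>". With
// estimate=true the key is sized with DecodedLen, otherwise by decoding it.
func parseHIPLengths(rdata string, estimate bool) (hipLengths, error) {
	f := strings.Fields(rdata)
	if len(f) < 3 {
		return hipLengths{}, fmt.Errorf("want 3 fields, got %d", len(f))
	}
	hit, err := hex.DecodeString(f[1])
	if err != nil {
		return hipLengths{}, fmt.Errorf("bad HIT: %w", err)
	}
	key, err := base64.StdEncoding.DecodeString(f[2])
	if err != nil {
		return hipLengths{}, fmt.Errorf("bad public key: %w", err)
	}
	if len(hit) > 0xff || len(key) > 0xffff {
		return hipLengths{}, fmt.Errorf("HIT or key too long for its length field")
	}
	n := len(key)
	if estimate {
		// DecodedLen is an upper bound: it counts '=' padding as data.
		n = base64.StdEncoding.DecodedLen(len(f[2]))
	}
	return hipLengths{uint8(len(hit)), uint16(n)}, nil
}

func main() {
	// RDATA fields of the record quoted in the commit message above.
	const rdata = "5 200100100020001523B5993F649C0827 Cm6k4jhir9YYoKq9JDqD3Ob1hBfCuwbWam1igFPhkGg="
	for _, estimate := range []bool{true, false} {
		l, err := parseHIPLengths(rdata, estimate)
		fmt.Println(estimate, l.HitLength, l.PublicKeyLength, err)
	}
}
```

A length field written from the estimate claims one byte more than the key that follows it, so a reader of the packed record would consume a byte that belongs to the next field.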
The existence of the file signifies it needs to run, so now it errors
that there is nothing to run (everything is commented out).
Remove the entire file.
Signed-off-by: Miek Gieben <miek@miek.nl>
Go 1.11 was a long time ago, so rename the reuseport go files to
something more sane. Contemplated _unix, or _posix but that didn't
really cut it. Went with reuseport and no_reuseport.
Also bump go.mod to 1.14
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix copy() in SVCBIPv4Hint and SVCBIPv6Hint
The problem with the current implementation is that it is not a real deep copy,
it points to the same base arrays behind the slices. This was causing some
issues in real-life application.
* Address review comments
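The aliasing described in the copy() fix above, as an added example that is not the library's code. `ipHint` is a hypothetical stand-in for a parameter holding a list of addresses, and `shallowCopy` is an assumed form of the problem, since the pre-fix code is not shown on this page.

```go
package main

import (
	"fmt"
	"net"
)

// ipHint is a hypothetical stand-in for a record parameter that holds a
// list of addresses (not the library's own type).
type ipHint struct {
	Hint []net.IP
}

// shallowCopy duplicates only the outer slice. Each net.IP is itself a
// []byte, so the copy's elements share backing arrays with the original.
func (h *ipHint) shallowCopy() *ipHint {
	hint := make([]net.IP, len(h.Hint))
	copy(hint, h.Hint)
	return &ipHint{Hint: hint}
}

// deepCopy also duplicates the bytes of every address.
func (h *ipHint) deepCopy() *ipHint {
	hint := make([]net.IP, len(h.Hint))
	for i, ip := range h.Hint {
		hint[i] = append(net.IP(nil), ip...)
	}
	return &ipHint{Hint: hint}
}

// aliased flips the last byte of the original's first address and reports
// whether that change is visible through the copy.
func aliased(orig, cp *ipHint) bool {
	before := cp.Hint[0].String()
	orig.Hint[0][len(orig.Hint[0])-1] ^= 0xff
	return cp.Hint[0].String() != before
}

func main() {
	// Constructed sample addresses from the documentation range.
	a := &ipHint{Hint: []net.IP{net.ParseIP("192.0.2.1"), net.ParseIP("192.0.2.2")}}
	fmt.Println("shallow copy aliased:", aliased(a, a.shallowCopy()))
	fmt.Println("deep copy aliased:   ", aliased(a, a.deepCopy()))
}
```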
* Remove HmacMD5 from the documentation
The algo is deprecated.
Signed-off-by: Miek Gieben <miek@miek.nl>
* bump to sha256
Signed-off-by: Miek Gieben <miek@miek.nl>
* Bump go versions in .github/workflows/go.yml
These are very out of date and it's causing persistent failures in the
fuzz CI step.
* Remove GOPATH=$GOROOT assignment
go1.16 shows a warning:
"warning: GOPATH set to GOROOT (/opt/hostedtoolcache/go/1.16.0/x64) has no effect"
* Send DNS query in one packet when using TCP/TLS
* fix review comments
* Removed net.Buffers
* Added unit-tests for writing messages over TCP in one go
* Update Truncate doc with compress behaviour
This is a documentation update to highlight the behaviour of Truncate, which will reset dns.Compress to false when the message fits in the requested size without truncation, and make it the caller's responsibility to set it back to true if they wish to compress, regardless of fitting, uncompressed, in the requested message size in the first place or not.
Fixes #1216
* address comments
* d/Note that/
* s/reset/set/
* s/caller/caller's/
* removed backticks
* regardless of size
* Set Rdlength in fromRFC3597
This was a bug found by oss-fuzz. My bad (#1211).
* Limit maximum length of Rdata in (*RFC3597).parse
RDATA must be a 16-bit unsigned integer.
* Validate Rdlength and off in UnpackRRWithHeader
* Revert "Validate Rdlength and off in UnpackRRWithHeader"
This reverts commit 2f6a8811b944b100af7605e53a6fb164944a6d65.
* Use hex.DecodedLen in (*RFC3597).fromRFC3597
While this isn't done elsewhere, it is clearer and more obvious.
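The length handling these notes describe, shown on the RFC 3597 text form `\# <length> <hex>`. This is an added example, not the library's parser; `parseGenericRdata` is a hypothetical name. It rejects a declared length that does not fit 16 bits or does not match the hex that follows; `hex.DecodedLen` is exact only for an even number of digits, hence the extra parity check.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// parseGenericRdata parses RFC 3597 RDATA text: `\# <length> <hex ...>`.
// It returns the raw RDATA and the value to store as RDLENGTH.
func parseGenericRdata(s string) ([]byte, uint16, error) {
	f := strings.Fields(s)
	if len(f) < 2 || f[0] != `\#` {
		return nil, 0, errors.New(`missing \# token or length`)
	}
	// ParseUint with bitSize 16 rejects anything that does not fit RDLENGTH.
	want, err := strconv.ParseUint(f[1], 10, 16)
	if err != nil {
		return nil, 0, fmt.Errorf("bad length: %w", err)
	}
	// The hex may be split into several whitespace-separated words.
	hexstr := strings.Join(f[2:], "")
	if len(hexstr)%2 != 0 || hex.DecodedLen(len(hexstr)) != int(want) {
		return nil, 0, fmt.Errorf("length %d does not match %d hex digits", want, len(hexstr))
	}
	rdata, err := hex.DecodeString(hexstr)
	if err != nil {
		return nil, 0, fmt.Errorf("bad hex: %w", err)
	}
	return rdata, uint16(len(rdata)), nil
}

func main() {
	// Constructed inputs: four bytes of RDATA, empty RDATA, an oversized length.
	for _, in := range []string{`\# 4 0A000001`, `\# 0`, `\# 65536 00`} {
		rdata, n, err := parseGenericRdata(in)
		fmt.Printf("%-14s rdata=%x rdlength=%d err=%v\n", in, rdata, n, err)
	}
}
```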
* Support parsing known RR types in RFC 3597 format
This is the format used for "Unknown DNS Resource Records", but it's
also useful to support parsing known RR types in this way.
RFC 3597 says:
An implementation MAY also choose to represent some RRs of known type
using the above generic representations for the type, class and/or
RDATA, which carries the benefit of making the resulting master file
portable to servers where these types are unknown. Using the generic
representation for the RDATA of an RR of known type can also be
useful in the case of an RR type where the text format varies
depending on a version, protocol, or similar field (or several)
embedded in the RDATA when such a field has a value for which no text
format is known, e.g., a LOC RR [RFC1876] with a VERSION other than
0.
Even though an RR of known type represented in the \# format is
effectively treated as an unknown type for the purpose of parsing the
RDATA text representation, all further processing by the server MUST
treat it as a known type and take into account any applicable type-
specific rules regarding compression, canonicalization, etc.
* Correct mistakes in TestZoneParserAddressAAAA
This was spotted when writing TestParseKnownRRAsRFC3597.
* Eliminate canParseAsRR
This has the advantage that concrete types will now be returned for
parsed ANY, NULL, OPT and TSIG records.
* Expand TestDynamicUpdateParsing for RFC 3597
This ensures we're properly handling empty RDATA for RFC 3597 parsed
records.
These were flagged by GitHub CodeQL code scanning as potential
vulnerabilities or issues. Fixing them is easy and they are incorrect.
Adding tests is less easy because int is 64-bits on most systems,
including those we test on, so we can't consistently provoke a failure
here.
This also removed the codecov that was still done. We could potentially
re-add as an action, but I don't really miss it. Add testing for 1.14
and 1.15 (it's very fast now).
Fuzzing needs to stay on 1.14 due to brokenness of some kind.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Support generic net.PacketConn's for the Server
This commit adds support for listening on generic net.PacketConn's for
UDP DNS requests, previously *net.UDPConn was the only supported type.
In the event of a future v2 of this module, this should be streamlined.
* Eliminate wrapper functions around RunLocalXServerWithFinChan
* Eliminate RunLocalTCPServerWithTsig function
* Replace RunLocalTLSServer with a wrapper around RunLocalTCPServer
This reduces code duplication.
* Add net.PacketConn server tests
This provides coverage over nearly all of the newly added code (with
the unfortunate exception of (*response).RemoteAddr).
* Fix broken client_test.go tests
a433fbede4 was merged into master between this PR being opened and
being merged. This broke the CI tests in rather strange ways as the
code was being merged into master in a way that wasn't at all clear.
This commit fixes the two broken lines.
* Fix XFR tests
axfrTestingSuite returned the test function that was never actually
executed. These were broken from the beginning awkwardly, though the
test cases pass fine once fixed.
* Switch axfrTestingSuite argument order
*testing.T is customarily the first argument.