While the range number of GENERATE is now limited, one can pass
a line with 2 $GENERATE directive that will exponentially increase the
time spent generating RRs.
Limit to only one per line.
Fixes#1020
* Limit $GENERATE range to 65535 steps
Having these checks means all test in TestCrasherString() are not
reached because we bail out earlier - removed that test all together.
Fixes#1019
Signed-off-by: Miek Gieben <miek@miek.nl>
* bring back testcase
Signed-off-by: Miek Gieben <miek@miek.nl>
* bring back crash test
Signed-off-by: Miek Gieben <miek@miek.nl>
* [scan] fix crashers when parsing comment
When dealing with comments the parsers was potentially incrementing comi
variable twice. During the second access to com[], comi was possibly
longer than maxTok, causing an out of bound error:
panic: runtime error: index out of range [2048] with length 2048
* * Keep only 1 crasher test string.
* move tests from scan_test.go to fuzz_test.go
* [fuzz] Fix crashes when parsing GENERATE
Running the fuzzer on NewRR, some crashes came up that could be
prevented by checking that the token after the range is a Blank.
This diff checks that and return an error when the blank is not found.
* * s/Expect blank /garbage /
* get rid of if/else
One of the test from DNS Compliance testing validates that if the opcode
is not supported, a NOTIMPL rcode is returned.
e0884144dd/genreport.c (L293)
This diff makes the default acceptfunc support this case and reply with
NOTIMPL instead of FORMERR.
* Merge setRR into ZoneParser.Next
* Remove file argument from RR.parse
This was only used to fill in the ParseError file field. Instead we now
fill in that field in ZoneParser.Next.
* Move dynamic update check out of RR.parse
This consolidates all the dynamic update checks into one place.
* Check for unexpected newline before parsing RR data
* Move rr.parse call into if-statement
* Allow dynamic updates for TKEY and RFC3597 records
* Document that ParseError file field is unset from parse
* Inline allowDynamicUpdate into ZoneParser.Next
* Improve and simplify TestUnexpectedNewline
Both NSEC and NSEC3 use the same logic to pack the bitmap.
CSYNC.pack also appear to make use of `packDataNsec` so I am giving it
the same treatment by moving the logic in a helper function and making
all those types `len` call use that function.
This follows BIND9 and removed support for the DSA family of algorithms.
Any DNSSEC implementation should consider those zones using it,
insecure.
Signed-off-by: Miek Gieben <miek@miek.nl>
This removes RSAMD5 as an algorithm you can use. BIND also has
deprecated *all* DSA algos which is more involved can removes more
helper codes as well, so that should be done in a new PR.
See #968
Signed-off-by: Miek Gieben <miek@miek.nl>
The byte sequence, when Unpack()-ed and subsequential Pack()-ed created a
panic: runtime error: slice bounds out of range
github.com/miekg/dns.(*Msg).packBufferWithCompressionMap(0xc0000d4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x14, 0x14e80b, 0xbf2d4654d501a3c8, ...)
/Users/chantra/go/src/github.com/miekg/dns/msg.go:868 +0x13a8
Confirmed that Unpacking/Repacking payload described in TestCrashNSEC
did not raise a slice bound out of range panic, added unittests which
failed prior to this change.
```
go test -run TestCrashNSEC
--- FAIL: TestCrashNSEC (0.00s)
types_test.go:135: expected length of 19, got 12
FAIL
exit status 1
FAIL github.com/miekg/dns 0.067s
```
* Call SetTsig() Msg `r` if q.IsTsig() != nil to enable TSIG on AXFR.
* Add tests for xfr.go
* Fix data race condition setting server.TsigSecret
* Test cleanup: xfr_test.go
* Xfr Test cleanup: use exported `IsDuplicate()`, len(xfrTestData)
The function is called Truncate, not Scrub (that was the old name).
Updated the function's documentation to rename this.
Signed-off-by: Miek Gieben <miek@miek.nl>