* [scan] fix crashers when parsing comment
When dealing with comments the parser was potentially incrementing comi
variable twice. During the second access to com[], comi was possibly
longer than maxTok, causing an out of bound error:
panic: runtime error: index out of range [2048] with length 2048
* Keep only 1 crasher test string.
* move tests from scan_test.go to fuzz_test.go
* [fuzz] Fix crashes when parsing GENERATE
Running the fuzzer on NewRR, some crashes came up that could be
prevented by checking that the token after the range is a Blank.
This diff checks that and returns an error when the blank is not found.
* s/Expect blank /garbage /
* get rid of if/else
One of the tests from DNS Compliance testing validates that if the opcode
is not supported, a NOTIMPL rcode is returned.
e0884144dd/genreport.c (L293)
This diff makes the default acceptfunc support this case and reply with
NOTIMPL instead of FORMERR.
* Merge setRR into ZoneParser.Next
* Remove file argument from RR.parse
This was only used to fill in the ParseError file field. Instead we now
fill in that field in ZoneParser.Next.
* Move dynamic update check out of RR.parse
This consolidates all the dynamic update checks into one place.
* Check for unexpected newline before parsing RR data
* Move rr.parse call into if-statement
* Allow dynamic updates for TKEY and RFC3597 records
* Document that ParseError file field is unset from parse
* Inline allowDynamicUpdate into ZoneParser.Next
* Improve and simplify TestUnexpectedNewline
Both NSEC and NSEC3 use the same logic to pack the bitmap.
CSYNC.pack also appears to make use of `packDataNsec` so I am giving it
the same treatment by moving the logic in a helper function and making
all those types' `len` calls use that function.
This follows BIND9 and removes support for the DSA family of algorithms.
Any DNSSEC implementation should consider those zones using it
insecure.
Signed-off-by: Miek Gieben <miek@miek.nl>
This removes RSAMD5 as an algorithm you can use. BIND also has
deprecated *all* DSA algos which is more involved and removes more
helper code as well, so that should be done in a new PR.
See #968
Signed-off-by: Miek Gieben <miek@miek.nl>
The byte sequence, when Unpack()-ed and subsequently Pack()-ed, created a
panic: runtime error: slice bounds out of range
github.com/miekg/dns.(*Msg).packBufferWithCompressionMap(0xc0000d4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x14, 0x14e80b, 0xbf2d4654d501a3c8, ...)
/Users/chantra/go/src/github.com/miekg/dns/msg.go:868 +0x13a8
Confirmed that Unpacking/Repacking payload described in TestCrashNSEC
did not raise a slice bound out of range panic, added unit tests which
failed prior to this change.
```
go test -run TestCrashNSEC
--- FAIL: TestCrashNSEC (0.00s)
types_test.go:135: expected length of 19, got 12
FAIL
exit status 1
FAIL github.com/miekg/dns 0.067s
```
* Call SetTsig() Msg `r` if q.IsTsig() != nil to enable TSIG on AXFR.
* Add tests for xfr.go
* Fix data race condition setting server.TsigSecret
* Test cleanup: xfr_test.go
* Xfr Test cleanup: use exported `IsDuplicate()`, len(xfrTestData)
The function is called Truncate, not Scrub (that was the old name).
Updated the function's documentation to rename this.
Signed-off-by: Miek Gieben <miek@miek.nl>
Previously it was possible for two different questions to hit the same
single in flight entry if the type or class isn't in the relevant
XToString map. This could happen for a proxy server or similar.
* Add a message truncation implementation
* Remove OPT if-statement at end of Scrub
* Impose RFC 6891 payload size limit in Scrub
* Remove *Msg receiver from truncateLoop
* Remove OPT record creation from Scrub
* Test that TestRequestScrubAnswerExact has correct record count
* Rename (*Msg).Scrub to Truncate
This better reflects its purpose.
* Remove comment reference to scrubbing in Truncate
* Properly calculate the length of OPT record in Truncate
* Correct comment in IsEdns0 in regards to RFC 6891
* Handle the OPT record being anywhere in Truncate
* Slight cleanup of Msg.Truncate
* Use for range loops instead of manual loops
* Use for range loop in Msg.CopyTo
This is a separate commit as the change is slightly more than just
switching the loop style.
* Use for range loop in DNSKEY.publicKeyRSA
* Add explen comment to DNSKEY.publicKeyRSA