Commit Graph

3834 Commits

Author SHA1 Message Date
Tom Thorogood 4a8fde8d2a Add go1.10.x to Travis (#718)
tip now points to what will be go1.11 leaving go1.10 untested.
2018-08-04 08:48:20 +01:00
Tom Thorogood b559d43c31 Abstract shutdown checking into separate function (#716) 2018-07-28 13:47:30 +01:00
Tom Thorogood 1e845a5b06 Use RFC 8032 functions added to x/crypto/ed25519 (#715)
This was added in golang/crypto@5ba7f63082 and can replace the
workaround from #458.
2018-07-25 13:01:44 +01:00
Lorenzo Fontana 8004f28488 Add testcases to validate consistency of packDataNsec (#714)
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-07-23 22:44:09 +01:00
Jerry Jacobs 3e6e47bc11 README.md: Add github.com/xor-gate/sshfp (#706) 2018-07-01 19:37:35 +01:00
Miek Gieben e7c3f513a1
Remove compression from AFSDB (#704)
This type should not compress its rdata.

Fixes #521
2018-06-23 09:43:19 +01:00
Joel Sing ed07089f3b Correctly handle $GENERATE modifiers (#703)
* Add a ParseZone test for $GENERATE.

* Add a test for modToPrintf used by $GENERATE.

* Correctly handle $GENERATE modifiers.

As per http://www.zytrax.com/books/dns/ch8/generate.html, the width and type (aka base)
components of a modifier are optional. This means that ${2,0,d}, ${2,0} and ${2} are
valid modifiers, however only the first format was previously permitted. Use default
values for the width and/or type if they are unspecified in the modifier.
2018-06-23 09:12:44 +01:00
Miek Gieben df46691620
Add IsDuplicate function (#699)
This makes checking for duplicates more efficient, as you don't have to
use String() and re-parse elements from it anymore.

Fixes #679
2018-06-23 09:12:31 +01:00
Miek Gieben f90eb8fb45
tests: remove t.Log(f) when nothing is failing (#698)
* tests: remove t.Log(f) when nothing is failing

This clears up the travis output some more and adheres to the Unix
saying: no output is good news
2018-06-07 19:15:11 +01:00
Miek Gieben 4c681ac41f
dep ensure -update (#697)
* Some deletes

* some adds
2018-06-07 19:14:42 +01:00
Anton Korshikov c9cd01bc14 Update vendor libs (#690 and #655) (#694) 2018-06-06 18:35:07 +01:00
Andrew Tunnell-Jones 0a83f30697 Harden RSA public key unpacking (#693)
RFC 2537 (RSA/MD5) and RFC 3110 (RSA/SHA1) disallow leading zero octets.
RFC 5702 (RSA/SHA256 and RSA/SHA512) isn't specific but defers to these
earlier RFCs in other places.

There is an upper limit of 4096 bits for both the modulus and exponent.
The modulus must be at least 512 bits. No minimum is specified for the
exponent but a quick search suggests single byte exponents are viable.

Exponents larger than 32 bits are already disallowed. This commit adds
checks for the other requirements, general bounds checks, and defers
initialisation of the big num till the other checks have passed.
2018-06-05 07:18:10 +01:00
Miek Gieben 5a2b9fab83 Release 1.0.8 2018-06-04 22:06:13 +01:00
andrewtj da0e668c16 Fix unpacking RSA exponent and tighten exponent validation (#692)
* Add test from #688 demonstrating bug decoding RSA exponent

* Unpack RSA exponent in correct order

Fixes #688

* Don't unpack RSA keys with an exponent too large for the crypto package

* Update dnssec_test.go

Fix the one nit
2018-06-04 21:58:29 +01:00
Francois Tur d8bd04e7e1 Fix DialTimeout for direct call of Dial (#691)
* ensure dialTimeout is used at Dial time. Ensure dial functions setup the right timeout

* - on Dialing, ensure a dialTimeout for the Dialer only if it is just created, else keep going with parameters of the Dialer.
2018-06-04 21:36:08 +01:00
Tom Thorogood 8ccae88257 Require URLs for DOH addresses (#684)
* Require URLs for DOH addresses

* Move time.Now directly above http.Client.Do in DoH

* Remove https scheme check from DOH

Although the draft RFC explicitly requires that the scheme be https,
this was deemed undesirable, so remove it.
2018-05-29 15:39:02 +01:00
andrewtj 350cd086d1 Don't use padding in base32 helpers (#683)
The base32 variant NSEC3 uses doesn't have padding. This hasn't been a
problem in practice because SHA1 is the only current NSEC3 hash algorithm
and its output doesn't require padding.

No-pad support was introduced in Go 1.9 which is the oldest release this
package supports.
2018-05-21 20:47:51 +01:00
Miek Gieben 0947afec0a
Revert 6f3c0a126c (#682)
Previous behavior was correct. Checking with coredns:

current:

~~~
; <<>> DiG 9.10.3-P4-Debian <<>> +norec +noad +edns=1 +noednsneg soa miek.nl @localhost -p 1043
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: ?256, id: 35480
;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; Query time: 0 msec
;; SERVER: ::1#1043(::1)
;; WHEN: Sat May 19 16:42:54 BST 2018
;; MSG SIZE  rcvd: 23
~~~

this pr:

~~~
; <<>> DiG 9.10.3-P4-Debian <<>> +norec +noad +edns=1 +noednsneg soa miek.nl @localhost -p 1043
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 25912
;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; Query time: 0 msec
;; SERVER: ::1#1043(::1)
;; WHEN: Sat May 19 16:51:28 BST 2018
;; MSG SIZE  rcvd: 23
~~~
2018-05-21 20:47:30 +01:00
Miek Gieben 0f8c7717de
doh: Fix mime type (#681)
Latest draft uses "application/dns-message".
2018-05-20 16:56:13 +01:00
Miek Gieben e57bf427e6 Release 1.0.7 2018-05-16 07:59:02 +00:00
Tom Thorogood 64746df23b WIP: DNS-over-HTTPS support for Client.Exchange API (#671)
* Add DNS-over-HTTPS support to (*Client).Exchange

* Ignore net/http goroutine leak from DoH

* Use existing Dialer and TLSConfig fields on Client for DOH

* Make DOH http.Client fully configurable

* Pipe context into exchangeDOH
2018-05-16 08:54:01 +01:00
Miek Gieben 3745b9737d
Small comment tweaks (#678)
Some post #668 comments nits.
2018-05-16 08:53:51 +01:00
Pierre Souchay 09649115c1 Fixed len computation when size just goes beyond 14 bits (#668)
* Fixed len computation when size just goes beyond 14 bits

* Added bounds checks around 14bits

* Len() always right including when around 14bits boundaries

* Avoid splitting into labels when not applicable

* Fixed comments

* Added comments in code

* Added new test cases

* Fixed computation of Len() for SRV and all kind of records

* Fixed Sign that was relying on non-copy for Unit tests

* Removed unused padding

* Fixed typo in PackBuffer() function

* Added comment about packBufferWithCompressionMap() for testing purposes
2018-05-16 07:20:13 +01:00
Uladzimir Trehubenka 621df0907e Make MaxTCPQueries configurable (#673) 2018-05-14 20:12:20 +01:00
Tom Thorogood 77d95a53d0 Handle empty NSEC3 salt in scanner (#677)
Fixes #676
2018-05-14 20:07:52 +01:00
chantra 1f2aa4c780 do not modify dns.Rcode when packing to wire format (#675)
* do not modify dns.Rcode when packing to wire format

When the message has an EDNS0 option in the additional section and
dns.Msg.Rcode is set to an extended rcode, dns.Msg.PackBuffer() modifies
dns.Msg.Rcode.
If you were to `Pack` the message and log it after, the Rcode would show
NOERROR.

Running the test before the change would error with:

```
=== RUN   TestPackNoSideEffect
--- FAIL: TestPackNoSideEffect (0.00s)
	msg_test.go:51: after pack: Rcode is expected to be BADVERS
```

after fixing dns.Msg.PackBuffer(), all tests are still passing.

Fixes #674

* address comments from PR#675
2018-05-13 08:36:02 +01:00
Miek Gieben a93f3e4f6b
copyHeader is redundant (#672)
copyHeader() is redundant, we allocate a header and then copy the
non-pointer elements into it; we don't need to do this, because if we
just assign rr.Hdr to something else we get the same result.

Remove copyHeader() and the generation and use of it in ztypes.go.
2018-05-10 14:50:26 +01:00
Miek Gieben eac804ceef Release 1.0.6 2018-05-09 20:05:41 +01:00
Uladzimir Trehubenka 98a1ef4565 Use workers instead of spawning goroutines for each incoming DNS request (#664)
* Use workers instead of spawning goroutines for each incoming DNS request

* Replace count (int) with inUse (bool)
2018-05-09 16:44:32 +01:00
Stefan Aurori 9c76f9827e Add DSA to SHA1 mapping in dnssec AlgorithmToHash (#670) 2018-05-05 19:03:36 +02:00
Tom Thorogood 01d59357d4 Cleanup serve function (reland) (#667)
* Split central ServeDNS code out of (*Server).serve

* Add UDP and TCP specific (*Server).serve wrappers

* Move UDP serve functionality into serveUDPPacket

* Merge serve into serveTCPConn

* Cleanup serveTCPConn replacing goto with for

* defer Close in serveTCPConn

* Remove remoteAddr field from response struct

* Fix broken tsigSecret check in serveDNS

* Reorder serveDNS arguments

This makes it consistent with the ordering of arguments to
serveUDPPacket and serveTCPConn.
2018-04-06 16:09:55 +01:00
Tom Thorogood 3f2548fb60 Skip UDP OOB tests on unsupported architectures (#661) 2018-04-06 14:51:59 +01:00
Tom Thorogood 800934f8d4 Cleanup udp.go somewhat (#662)
* Avoid hard-coding required UDP OOB buffer size

* Simplify parseDstFromOOB if statements

* Use self-invoking function for udpOOBSize variable
2018-04-06 14:51:04 +01:00
Eric Greer 46f728d51b ExchangeWithDialer does not exist anymore (#666) 2018-04-06 12:05:09 +01:00
Miek Gieben 83c435cc65 Release 1.0.5 2018-04-01 13:59:20 +01:00
Miek Gieben 7fdfb0141b Revert "Cleanup serve function (#653)"
This reverts commit d174bbf0a5.
2018-04-01 12:27:36 +01:00
Miek Gieben dfb943b13e
Take the max compression offset into account in Len(). (#658)
This offset max was not taking into account leading Len() to emit a
smaller value that could not be matched by Pack(), i.e all names can
be fully compressed or used as a target for compression.

Split length tests off in separate file length_test.go to clean up
dns_test.go a bit.
2018-04-01 09:45:32 +01:00
Tom Thorogood d174bbf0a5 Cleanup serve function (#653)
* Split central ServeDNS code out of (*Server).serve

* Add UDP and TCP specific (*Server).serve wrappers

* Move UDP serve functionality into serveUDPPacket

* Merge serve into serveTCPConn

* Cleanup serveTCPConn replacing goto with for

* defer Close in serveTCPConn

* Remove remoteAddr field from response struct

* Fix broken tsigSecret check in serveDNS

* Reorder serveDNS arguments

This makes it consistent with the ordering of arguments to
serveUDPPacket and serveTCPConn.
2018-03-30 14:50:27 +01:00
clmul 22cb769f47 use a local variable to calculate rtt (#656) 2018-03-27 08:01:29 +01:00
chantra 5b169d1842 [msg] Add UnpackRRWithHeader (#643)
This function allows extracting the raw content of a record type based on
an existing header.
Fixes #633
2018-03-15 09:09:45 +00:00
Ludovic Fernandez 906238edc6 fix: panicking on options parsing. (#642) 2018-03-01 06:22:09 -08:00
Tom Thorogood 4d25966dce Test that Shutdown does not surface closed errors (#624)
* Test that Shutdown does not surface closed errors

This test checks that calling Shutdown does not cause ActivateAndServe
(via serveTCP and serveUDP) to return the underlying
'use of closed network connection' error.

This commit unifies TestShutdownTCP with TestShutdownUDP. After this
commit, both tests will check that ActivateAndServe returns a nil error
and that Shutdown succeeded.

This was previously broken for serveTCP.

* Add comment explaining why fin chan is buffered
2018-02-27 17:38:12 -08:00
Miek Gieben 5364553f1e Release 1.0.4 2018-01-25 10:38:03 +00:00
Miek Gieben 43913f2f4f
Fix for CVE-2017-15133 TCP DOS (#631)
serveTCP calls reader.ReadTCP in the accept loop rather than in
the per-connection goroutine. If an attacker opens a connection
and leaves it idle, this will block the accept loop until the
connection times out (2s by default). During this time no other
incoming connections will succeed, preventing legitimate queries
from being answered.

This commit moves the call to reader.ReadTCP into the per-connection
goroutine. It also adds a missing call to Close whose absence allowed
file descriptors to leak in select cases.

This attack and fix have no impact on serving UDP queries.
2018-01-25 10:36:19 +00:00
Frank Denis 862243b3b1 Add dnscrypt-proxy and rpdns to the list of users (#628) 2018-01-17 20:57:19 +00:00
Tom Thorogood f5ac34d755 Fix TCP Shutdown 'use of closed network connection' (#623)
The check for srv.started being false is in the wrong place, it should
be after Accept not after ReadTCP. If Shutdown is called, serveTCP will
currently return a 'use of closed network connection' error, which is
undesired.

This commit mirrors the behaviour of serveUDP with respect to Shutdown.
2018-01-10 13:37:59 +00:00
Miek Gieben 9cef7a0d3d Release: plain push is also needed
Apparently a git push --tags doesn't push all the changes!?!
Adding plain "git push" to avoid release confusion.
2018-01-10 08:17:22 +00:00
Miek Gieben 5ec25f2a50 Release 1.0.3 2018-01-10 08:11:11 +00:00
Tom Thorogood ddd8477be2 Ignore malformed UDP datagrams without headers (#622)
Ignore malformed UDP datagrams with incomplete DNS headers
2018-01-10 07:51:00 +00:00
Tom Thorogood 69d25e845f Fixes #613 & #619 (#621)
* Do not return ErrShortRead in readUDP

A read of zero bytes indicates a peer shutdown for TCP sockets -- and
thus returning ErrShortRead is fine in readTCP -- but not for UDP
sockets. For UDP sockets a read of zero bytes literally indicates a
zero-byte datagram, and is a valid return value not indicating an error.

Removing this case will cause readUDP to correctly return a zero-byte
message.

* Return non-temporary error from serveUDP loop

Fixes #613
2018-01-09 13:57:26 +00:00