The Samba-Bugzilla – Attachment 14331 Details for
Bug 13536
DNS wildcard search does not handle multiple labels correctly.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Back ported patch for 4.7, 4.8 and 4.9
dns-wildcard-bug-13536.patch.txt (text/plain), 5.68 KB, created by
Gary Lockyer
on 2018-07-22 19:48:58 UTC
(
hide
)
Description:
Back ported patch for 4.7, 4.8 and 4.9
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2018-07-22 19:48:58 UTC
Size:
5.68 KB
patch
obsolete
>From 4f9f911e3507dbfcd1350aaf041a36369ad193c0 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 18 Jul 2018 15:29:21 +1200 >Subject: [PATCH 1/2] dns wildcards: tests to confirm BUG 13536 > >DNS wildcard matching failing if more than one label to the left of the >wildcard. This commits adds tests to confirm the bug. > >Wildcard entry: *.example.org >bar.example.com matches >foo.bar.example.com does not, but it it should. > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 0d3aec18679a2637430263a55de5e210a9201e21) >--- > python/samba/tests/dns_wildcard.py | 48 ++++++++++++++++++++++++++++++++++++++ > selftest/knownfail.d/dns_wildcard | 5 ++++ > 2 files changed, 53 insertions(+) > create mode 100644 selftest/knownfail.d/dns_wildcard > >diff --git a/python/samba/tests/dns_wildcard.py b/python/samba/tests/dns_wildcard.py >index ca8426a..01e06b8 100644 >--- a/python/samba/tests/dns_wildcard.py >+++ b/python/samba/tests/dns_wildcard.py >@@ -172,6 +172,30 @@ class TestWildCardQueries(DNSTest): > self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A) > self.assertEquals(response.answers[0].rdata, WILDCARD_IP) > >+ def test_one_a_query_match_wildcard_2_labels(self): >+ """ Query an A record, should match the wild card entry >+ have two labels to the left of the wild card target. >+ """ >+ >+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY) >+ questions = [] >+ >+ # Check the record >+ name = "label2.label1.wildcardtest.%s" % self.get_dns_domain() >+ q = self.make_name_question(name, >+ dns.DNS_QTYPE_A, >+ dns.DNS_QCLASS_IN) >+ questions.append(q) >+ >+ self.finish_name_packet(p, questions) >+ (response, response_packet) =\ >+ self.dns_transaction_udp(p, host=self.server_ip) >+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) >+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY) >+ self.assertEquals(response.ancount, 1) >+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A) >+ self.assertEquals(response.answers[0].rdata, WILDCARD_IP) >+ > def test_one_a_query_wildcard_entry(self): > "Query the wildcard entry" > >@@ -239,6 +263,30 @@ class TestWildCardQueries(DNSTest): > self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A) > self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP) > >+ def test_one_a_query_match_wildcard_l2_2_labels(self): >+ """Query an A record, should match the level 2 wild card entry >+ have two labels to the left of the wild card target >+ """ >+ >+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY) >+ questions = [] >+ >+ # Check the record >+ name = "label1.label2.level2.wildcardtest.%s" % self.get_dns_domain() >+ q = self.make_name_question(name, >+ dns.DNS_QTYPE_A, >+ dns.DNS_QCLASS_IN) >+ questions.append(q) >+ >+ self.finish_name_packet(p, questions) >+ (response, response_packet) =\ >+ self.dns_transaction_udp(p, host=self.server_ip) >+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) >+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY) >+ self.assertEquals(response.ancount, 1) >+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A) >+ self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP) >+ > def test_one_a_query_exact_match_l2(self): > """Query an entry that matches the wild card but has an exact match as > well. >diff --git a/selftest/knownfail.d/dns_wildcard b/selftest/knownfail.d/dns_wildcard >new file mode 100644 >index 0000000..2c9ade1 >--- /dev/null >+++ b/selftest/knownfail.d/dns_wildcard >@@ -0,0 +1,5 @@ >+# https://bugzilla.samba.org/show_bug.cgi?id=13536 >+# >+ >+^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_l2_2_labels >+^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_2_labels >-- >2.7.4 > > >From ac7542d711f63b6e9406fa4e9e0953f3528574c6 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 18 Jul 2018 15:33:26 +1200 >Subject: [PATCH 2/2] dns wildcards: fix BUG 13536 > >The current position in the dns name was not advanced past the '.' >character > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144 > >(cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f) >--- > selftest/knownfail.d/dns_wildcard | 5 ----- > source4/dns_server/dnsserver_common.c | 1 + > 2 files changed, 1 insertion(+), 5 deletions(-) > delete mode 100644 selftest/knownfail.d/dns_wildcard > >diff --git a/selftest/knownfail.d/dns_wildcard b/selftest/knownfail.d/dns_wildcard >deleted file mode 100644 >index 2c9ade1..0000000 >--- a/selftest/knownfail.d/dns_wildcard >+++ /dev/null >@@ -1,5 +0,0 @@ >-# https://bugzilla.samba.org/show_bug.cgi?id=13536 >-# >- >-^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_l2_2_labels >-^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_2_labels >diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c >index 2a49370..bbbfe92 100644 >--- a/source4/dns_server/dnsserver_common.c >+++ b/source4/dns_server/dnsserver_common.c >@@ -380,6 +380,7 @@ static struct ldb_parse_tree *build_wildcard_query( > wildcard_query->u.list.elements[l] = el; > > /* skip to the start of the next label */ >+ x++; > for (;x < name->length && name->data[x] != '.'; x++); > } > >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
dbagnall
:
review+
Actions:
View
Attachments on
bug 13536
: 14331