From 4f9f911e3507dbfcd1350aaf041a36369ad193c0 Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Wed, 18 Jul 2018 15:29:21 +1200
Subject: [PATCH 1/2] dns wildcards: tests to confirm BUG 13536 DNS wildcard matching failing if more than one label to the left of the wildcard. This commits adds tests to confirm the bug. Wildcard entry: *.example.org bar.example.com matches foo.bar.example.com does not, but it it should.
Signed-off-by: Gary Lockyer
Reviewed-by: Jeremy Allison
(cherry picked from commit 0d3aec18679a2637430263a55de5e210a9201e21)
---
 python/samba/tests/dns_wildcard.py | 48 ++++++++++++++++++++++++++++++++++++++
 selftest/knownfail.d/dns_wildcard | 5 ++++
 2 files changed, 53 insertions(+)
 create mode 100644 selftest/knownfail.d/dns_wildcard
diff --git a/python/samba/tests/dns_wildcard.py b/python/samba/tests/dns_wildcard.py
index ca8426a..01e06b8 100644
--- a/python/samba/tests/dns_wildcard.py
+++ b/python/samba/tests/dns_wildcard.py
@@ -172,6 +172,30 @@ class TestWildCardQueries(DNSTest):
 self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
 self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+ def test_one_a_query_match_wildcard_2_labels(self):
+ """ Query an A record, should match the wild card entry
+ have two labels to the left of the wild card target.
+ """
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "label2.label1.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+
 def test_one_a_query_wildcard_entry(self):
 "Query the wildcard entry"
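Review bot: The docstring of test_one_a_query_match_wildcard_2_labels does not read as a sentence ("should match the wild card entry have two labels to the left of the wild card target"), and test_one_a_query_match_wildcard_l2_2_labels in the next hunk repeats the same wording; something like `"""Query an A record whose name has two labels to the left of the wildcard target; it should match the wildcard entry."""` states what is being pinned. A comment such as `# Regression test for BUG 13536` in each test would keep the link to the defect once the knownfail entry is removed. Both tests assert only the positive match; unless the file already covers it outside these hunks, a multi-label name that no wildcard should cover is worth pinning as well, because over-matching is the direction in which a change to wildcard lookup starts answering for names nobody published. The two bodies differ only in the queried name and the expected address, so a shared helper taking those two values would keep them from drifting apart.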
@@ -239,6 +263,30 @@ class TestWildCardQueries(DNSTest):
 self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
 self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+ def test_one_a_query_match_wildcard_l2_2_labels(self):
+ """Query an A record, should match the level 2 wild card entry
+ have two labels to the left of the wild card target
+ """
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "label1.label2.level2.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+
 def test_one_a_query_exact_match_l2(self):
 """Query an entry that matches the wild card but has an exact match as well.
diff --git a/selftest/knownfail.d/dns_wildcard b/selftest/knownfail.d/dns_wildcard
new file mode 100644
index 0000000..2c9ade1
--- /dev/null
+++ b/selftest/knownfail.d/dns_wildcard
@@ -0,0 +1,5 @@
+# https://bugzilla.samba.org/show_bug.cgi?id=13536
+#
+
+^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_l2_2_labels
+^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_2_labels
--
2.7.4
From ac7542d711f63b6e9406fa4e9e0953f3528574c6 Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Wed, 18 Jul 2018 15:33:26 +1200
Subject: [PATCH 2/2] dns wildcards: fix BUG 13536 The current position in the dns name was not advanced past the '.' character
Signed-off-by: Gary Lockyer
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144
(cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f)
---
 selftest/knownfail.d/dns_wildcard | 5 -----
 source4/dns_server/dnsserver_common.c | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 selftest/knownfail.d/dns_wildcard
diff --git a/selftest/knownfail.d/dns_wildcard b/selftest/knownfail.d/dns_wildcard
deleted file mode 100644
index 2c9ade1..0000000
--- a/selftest/knownfail.d/dns_wildcard
+++ /dev/null
@@ -1,5 +0,0 @@
-# https://bugzilla.samba.org/show_bug.cgi?id=13536
-#
-
-^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_l2_2_labels
-^samba.*.TestWildCardQueries.test_one_a_query_match_wildcard_2_labels
diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
index 2a49370..bbbfe92 100644
--- a/source4/dns_server/dnsserver_common.c
+++ b/source4/dns_server/dnsserver_common.c
@@ -380,6 +380,7 @@ static struct ldb_parse_tree *build_wildcard_query(
 wildcard_query->u.list.elements[l] = el;
 /* skip to the start of the next label */
+ x++;
 for (;x < name->length && name->data[x] != '.'; x++);
 }
--
2.7.4
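Review bot: The added `x++` is unconditional, so when the previous scan stopped because `x` reached `name->length`, the index moves one past the end before anything re-checks it. The inner `for` guards its own read with `x < name->length`, but the enclosing loop header is outside this hunk, so it is worth confirming that it also bounds `x` before the next iteration uses it; `name` appears to be the queried DNS name, which makes its length and dot placement caller-controlled. A local guard, `if (x < name->length) { x++; }`, keeps the invariant visible at the point of the increment. The comment would be more accurate as `/* step over the current '.', then advance to the next one */`, since after the scan `x` rests on a separator rather than on the first character of a label. build_wildcard_query starts and ends outside the hunk.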