Merge pull request #172 from zonemaster/develop

Merge develop into master

Author: matsduf

Changes

@@ -1,5 +1,13 @@
 Release history for Zonemaster component Zonemaster-LDNS
 
+3.2.0 2023-06-21 (public fix version)
+ [Feature]
+ - Expand DNAME support (#170)
+
+ [Fixes]
+ - Ignore DNSKEY RRs with incalculable key sizes (#135)
+
+
 3.1.0 2023-01-31 (public fix version)
  [Feature]
  - Includes the OPT RDATA from the edns_data function

lib/Zonemaster/LDNS.pm

@@ -2,7 +2,7 @@ package Zonemaster::LDNS;
 
 use 5.014;
 
-our $VERSION = '3.1.0';
+our $VERSION = '3.2.0';
 
 use parent 'Exporter';
 our @EXPORT_OK = qw[to_idn has_idn ldns_version load_zonefile];

lib/Zonemaster/LDNS/Packet.pm

@@ -26,6 +26,36 @@ sub data {
     return $self->wireformat;
 }
 
+sub answer {
+    my ( $self ) = @_;
+
+    my @records = $self->answer_unfiltered;
+
+    for ( my $i = $#records ; $i >= 0 ; --$i ) {
+        if ( $records[$i]->type() eq 'DNSKEY' && $records[$i]->keysize() == -1 ) {
+            splice @records, $i, 1;
+        }
+    }
+
+    return @records;
+}
+
+sub authority {
+    my ( $self ) = @_;
+
+    my @records = $self->authority_unfiltered;
+
+    return @records;
+}
+
+sub additional {
+    my ( $self ) = @_;
+
+    my @records = $self->additional_unfiltered;
+
+    return @records;
+}
+
 1;
 
 =head1 NAME

lib/Zonemaster/LDNS/RR/DNAME.pm

@@ -17,6 +17,10 @@ A subclass of L<Zonemaster::LDNS::RR>, so it has all the methods of that class a
 
 =head1 METHODS
 
-No RDATA methods implemented yet.
+=over
 
-=cut
+=item dname()
+
+Returns the delegation name, i.e. the <target> field from the RDATA of a DNAME record.
+
+=back

lib/Zonemaster/LDNS/RR/DNSKEY.pm

@@ -5,6 +5,65 @@ use warnings;
 
 use parent 'Zonemaster::LDNS::RR';
 
+sub keysize {
+    my ( $self ) = @_;
+
+    my $algo = $self->algorithm;
+    my $data = $self->keydata;
+
+    # RSA variants
+    if ( $algo == 1 || $algo == 5 || $algo == 7 || $algo == 8 || $algo == 10 ) {
+
+        # Read first byte
+        return -1
+          if length $data < 1;
+        my $byte = unpack( "c1", $data );
+
+        my $remaining;
+        if ( $byte > 0 ) {
+            $remaining = length( $data ) - 1 - $byte;
+        }
+        else {
+            # Read bytes 1 and 2 as big-endian
+            return -1
+              if length $data < 3;
+            my $short = unpack( "x1s>1", $data );
+
+            $remaining = length( $data ) - 3 - $short;
+        }
+
+        if ( $remaining < 0 ) {
+            return -1;
+        }
+        else {
+            return 8 * $remaining;
+        }
+    }
+
+    # DSA variants
+    elsif ( $algo == 3 || $algo == 6 ) {
+
+        # Read first byte (the T value)
+        return -1
+          if length $data < 1;
+        return unpack( "c1", $data );
+    }
+
+    # Diffie-Hellman
+    elsif ( $algo == 2 ) {
+
+        # Read bytes 4 and 5 as big-endian
+        return -1
+          if length $data < 6;
+        return unpack( "x4s>1", $data );
+    }
+
+    # No idea what this is
+    else {
+        return 0;
+    }
+}
+
 1;
 
 =head1 NAME
@@ -44,5 +103,6 @@ be available, depending on how you ldns library was compiled.
 
 The size of the key stored in the record. For RSA variants, it's the length in bits of the prime number. For DSA variants, it's the key's "T" value
 (see RFC2536). For DH, it's the value of the "prime length" field (and probably useless, since DH keys can't have signature records).
+If there is insufficient data in the public key field to calculate the key size, C<-1> is returned.
 
 =back

src/LDNS.xs

@@ -1064,7 +1064,7 @@ packet_timestamp(obj,...)
         RETVAL
 
 SV *
-packet_answer(obj)
+packet_answer_unfiltered(obj)
     Zonemaster::LDNS::Packet obj;
     PPCODE:
     {
@@ -1092,7 +1092,7 @@ packet_answer(obj)
     }
 
 SV *
-packet_authority(obj)
+packet_authority_unfiltered(obj)
     Zonemaster::LDNS::Packet obj;
     PPCODE:
     {
@@ -1120,7 +1120,7 @@ packet_authority(obj)
     }
 
 SV *
-packet_additional(obj)
+packet_additional_unfiltered(obj)
     Zonemaster::LDNS::Packet obj;
     PPCODE:
     {
@@ -1930,50 +1930,6 @@ rr_ds_verify(obj,other)
 
 MODULE = Zonemaster::LDNS        PACKAGE = Zonemaster::LDNS::RR::DNSKEY           PREFIX=rr_dnskey_
 
-U32
-rr_dnskey_keysize(obj)
-    Zonemaster::LDNS::RR::DNSKEY obj;
-    CODE:
-    {
-        U8 algorithm = D_U8(obj,2);
-        ldns_rdf *rdf = ldns_rr_rdf(obj,3);
-        uint8_t *data = ldns_rdf_data(rdf);
-        size_t total = ldns_rdf_size(rdf);
-
-        /* RSA variants */
-        if(algorithm==1||algorithm==5||algorithm==7||algorithm==8||algorithm==10)
-        {
-            size_t ex_len;
-
-            if(data[0] == 0)
-            {
-                ex_len = 3+(U16)data[1];
-            }
-            else
-            {
-                ex_len = 1+(U8)data[0];
-            }
-            RETVAL = 8*(total-ex_len);
-        }
-        /* DSA variants */
-        else if(algorithm==3||algorithm==6)
-        {
-            RETVAL = (U8)data[0]; /* First octet is T value */
-        }
-        /* Diffie-Hellman */
-        else if(algorithm==2)
-        {
-            RETVAL = (U16)data[4];
-        }
-        /* No idea what this is */
-        else
-        {
-            RETVAL = 0;
-        }
-    }
-    OUTPUT:
-        RETVAL
-
 U16
 rr_dnskey_flags(obj)
     Zonemaster::LDNS::RR::DNSKEY obj;
@@ -2003,8 +1959,15 @@ rr_dnskey_keydata(obj)
     Zonemaster::LDNS::RR::DNSKEY obj;
     CODE:
     {
-        ldns_rdf *rdf = ldns_rr_rdf(obj,3);
-        RETVAL = newSVpvn((char*)ldns_rdf_data(rdf), ldns_rdf_size(rdf));
+        if (ldns_rr_rd_count(obj)>3)
+        {
+            ldns_rdf *rdf = ldns_rr_rdf(obj,3);
+            RETVAL = newSVpvn((char*)ldns_rdf_data(rdf), ldns_rdf_size(rdf));
+        }
+        else
+        {
+            RETVAL = newSVpvn("",0);
+        }
     }
     OUTPUT:
         RETVAL
@@ -2459,6 +2422,18 @@ rr_cname_cname(obj)
     CLEANUP:
         free(RETVAL);
 
+MODULE = Zonemaster::LDNS        PACKAGE = Zonemaster::LDNS::RR::DNAME            PREFIX=rr_dname_
+
+char *
+rr_dname_dname(obj)
+    Zonemaster::LDNS::RR::DNAME obj;
+    CODE:
+        RETVAL = randomize_capitalization(D_STRING(obj,0));
+    OUTPUT:
+        RETVAL
+    CLEANUP:
+        free(RETVAL);
+
 MODULE = Zonemaster::LDNS        PACKAGE = Zonemaster::LDNS::RR::KEY           PREFIX=rr_key_
 
 U16

t/rr.t

@@ -2,6 +2,7 @@ use Test::More;
 use Test::Fatal;
 use Devel::Peek;
 use MIME::Base64;
+use Test::Differences;
 
 BEGIN { use_ok( 'Zonemaster::LDNS' ) }
 
@@ -107,6 +108,19 @@ subtest 'DNSKEY' => sub {
             ok( $rr->algorithm == 8 );
         }
     }
+
+    my $data = decode_base64( "BleFgAABAAEAAAAADW5sYWdyaWN1bHR1cmUCbmwAAAEAAcAMADAAAQAAAAAABAEBAwg=");
+    my $p = Zonemaster::LDNS::Packet->new_from_wireformat( $data );
+    my ( $rr, @extra ) = $p->answer_unfiltered;
+    eq_or_diff \@extra, [], "no extra RRs found";
+    if ( !defined $rr ) {
+        BAIL_OUT( "no RR found" );
+    }
+    is $rr->keydata, "", "we're able to extract the public key field even when it's empty";
+    is $rr->keysize, -1, "insufficient data to calculate key size is reported as -1";
+
+    my ( @rrs ) = $p->answer;
+    eq_or_diff \@rrs, [], "DNSKEY record with empty public key is filtered out by answer()";
 };
 
 subtest 'RRSIG' => sub {
@@ -235,6 +249,12 @@ subtest 'SPF' => sub {
 
 };
 
+subtest 'DNAME' => sub {
+    my $rr = Zonemaster::LDNS::RR->new( 'examplë.fake 3600  IN  DNAME example.fake' );
+    isa_ok( $rr, 'Zonemaster::LDNS::RR::DNAME' );
+    is($rr->dname(), 'example.fake.');
+};
+
 subtest 'croak when given malformed CAA records' => sub {
     my $will_croak = sub {
         # This will croak if LDNS.xs is compiled with -DUSE_ITHREADS