- Fix parse error on negative SOA RRSIGs if badly ordered in the packet.

git-svn-id: file:///svn/unbound/trunk@2573 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,5 +1,6 @@
 15 December 2011: Wouter
 	- remove uninit warning from cachedump code.
+	- Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
 
 13 December 2011: Wouter
 	- iana portlist updated.

testcode/unitmsgparse.c

@@ -59,6 +59,8 @@ static int check_formerr_gone = 0;
 static int matches_nolocation = 0;
 /** see if RRSIGs are properly matched to RRsets. */
 static int check_rrsigs = 0;
+/** do not check buffer sameness */
+static int check_nosameness = 0;
 
 /** match two rr lists */
 static int
@@ -431,6 +433,7 @@ testpkt(ldns_buffer* pkt, struct alloc_cache* alloc, ldns_buffer* out,
 		if(vbmp) printf("inlen %u outlen %u\n", 
 			(unsigned)ldns_buffer_limit(pkt),
 			(unsigned)ldns_buffer_limit(out));
+		if(!check_nosameness)
 			test_buffers(pkt, out);
 		if(check_rrsigs)
 			check_the_rrsigs(&qi, rep);
@@ -607,6 +610,12 @@ void msgparse_test(void)
 	testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.8");
 	check_formerr_gone = 0;
 
+	check_rrsigs = 1;
+	check_nosameness = 1;
+	testfromdrillfile(pkt, &alloc, out, "testdata/test_packets.9");
+	check_nosameness = 0;
+	check_rrsigs = 0;
+
 	/* cleanup */
 	alloc_clear(&alloc);
 	alloc_clear(&super_a);

testdata/test_packets.9

@@ -0,0 +1,23 @@
+; Test that RRSIG(SOA) is matched with the SOA record.
+; Test that FORMERR no longer happens.
+; This is output from the PowerDNS online signer.
+;
+;-- next packet --
+E2C084000001000000040
+0010E686F74656C6C73616E746961676F02736500000F0001C00C0006000100000E10002C036E733
+30662696E65726FC01B087265676973747279C0334EDFD75C0000A8C000000E1000093A8000000E1
+02075616D326963717673707635356136746A306C6C32336B71376E766D666E6136C00C003200010
+0001C2000240100000101AB14D7425114B28CE784C3A3D9B8FC5D920A8D7B5570000762000000000
+290C00C002E000100001C2000A50006080200001C204EE938804ED6C38085F80E686F74656C6C736
+16E746961676F02736500442DF70F92FCFDF5F5D3560194FCDE01B91CE6AC00910CDDA550F985C84
+F4FA1FD8DFD
+957F4382C276FD26E5A
+3C10C494DCB6D0132F930595A0901D4E0616679EA426F7D45A683CA7236F8532C1E3B3B82EF6B0C0
+2E43999F8B8FF0B001968E10AFAEFA7774FC003ED0E43DDEA776596AFD91DADECA5AD505107F97AC
+467264EC05B002E000100001C2000A50032080300001C204EE938804ED6C38085F80E686F74656C6
+C73616E746961676F027365000D4700DE3055046F2CC0529307903D40FEFC7ECFF29BB5B6B7427EB
+11B06669605B1ADFC070DAF801FB3EB59446F6C7BE5D4BC7C725BFEF2F5F416BCC8A090692F5CE76
+85923DD102677C9224E69FF10167EF8C0EC18070E986E9F0266C7CBB3270A9CD6C562157EC1074B6
+F48553DD58BBE
+12A63202C9A1DB7DA5F8560849580000295800000080000000
+

util/data/msgparse.c

@@ -504,6 +504,17 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
 			if(!*rrset_prev) /* untwiddle if not found */
 				*rrset_flags ^= PACKED_RRSET_NSEC_AT_APEX;
 		}
+		if(!*rrset_prev && covtype == LDNS_RR_TYPE_SOA) {
+			/* if SOA try with SOA neg flag twiddled */
+			*rrset_flags ^= PACKED_RRSET_SOA_NEG;
+			*hash = pkt_hash_rrset_rest(dname_h, covtype, dclass, 
+				*rrset_flags);
+			*rrset_prev = msgparse_hashtable_lookup(msg, pkt, 
+				*hash, *rrset_flags, dname, dnamelen, covtype, 
+				dclass);
+			if(!*rrset_prev) /* untwiddle if not found */
+				*rrset_flags ^= PACKED_RRSET_SOA_NEG;
+		}
 		if(*rrset_prev) {
 			*prev_dname_first = (*rrset_prev)->dname;
 			*prev_dname_last = dname;