Allow parsing of CAA Resource Record (Closes #292) #360
Conversation
CAA (Certification Authority Authorization) was introduced in RFC 6844. This has been obsoleted by RFC 8659. This commit added the possibility to query CAA resource records with adig and adds a parser for CAA records, that can be used in conjunction with ares_query(3).
|
Can you add a test. case for this? Also, please look at the warnings generated during build. I'm not quite sure why travis failed to build, but AppVeyor looks to me like something to do with the whitespace in Makefile.inc so it shouldn't be a big deal. |
|
overall, it looks pretty good. The only things I see are you're missing a manpage for ares_parse_caa_reply(), and you should have some tests structured through DNSPacket rather than outputting the entire binary stream so its more comprehensible if something goes wrong in the future for someone debugging. |
|
in docs/Makefile.inc need to add the html and pdf targets that are auto-generated from your .3 file |
|
(I just submitted #362 to get rid of the html and pdf targets...) |
|
@bradh352 : I cannot see the benefit of adding additional test code (DNSPacket), it only generates the binary stream, that is present already. Is this a hard requirement to get this merged? |
|
It's really for future debugability when things change in the future. It's much harder to understand the entire protocol stream when you really only care about a small part of it. That said, I'm not sure if we should hold merging up for that or not. @bagder thoughts? |
|
@bagder just looking for someone else to weigh in on the test case not using DNSPacket, if that's acceptable or too much of a future burden. Thanks! |
|
I'm fine with that, as we can always add more and fine-tune the tests going forward if we need to. (Said by someone who's flying a bit off from the c-ares project right now.) |
|
|
||
| caa_curr->critical = (int)*strptr++; | ||
| caa_curr->plength = (int)*strptr++; | ||
| if (caa_curr->plength <= 0 || (int)caa_curr->plength >= rr_len - 2) |
There was a problem hiding this comment.
OSS-Fuzz is reporting a use-of-uninitialized-value here, which I suspect is because the two lines above don't do any length checks to confirm that strptris still within range [abuf, abuf+alen).
There was a problem hiding this comment.
Yep, that did the trick – thanks.
|
@bagder : Integration of this functionality in nodejs seems to be blocked (nodejs/node#35466). When do you plan to release the next version of c-ares? |
|
I was thinking about that recently. I think there's just 1 bug I'd like to resolve before release, and that would be #317 |
CAA (Certification Authority Authorization) was introduced in RFC 6844. This has been obsoleted by RFC 8659. This commit added the possibility to query CAA resource records with adig and adds a parser for CAA records, that can be used in conjunction with ares_query(3). Closes Bug: c-ares#292 Fix By: Daniela Sonnenschein (@lxdicted)
CAA (Certification Authority Authorization) was introduced in RFC 6844.
This has been obsoleted by RFC 8659. This commit added the possibility
to query CAA resource records with adig(1) and adds a parser for CAA
records, that can be used in conjunction with ares_query(3).