#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/bind/Regression/CVE-2015-5722
# Description: malformed DNSSEC key failed assertion denial of service
# Author: Petr Sklenar <psklenar@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="bind"
rlJournalStart
rlPhaseStartSetup
rlRun 'rpm -q bind || rpm -q bind97' 0 "Checking for presence of bind or bind97 RPM"
rlPhaseEnd
rlPhaseStartTest
# TODO: For RHEL-5 the test can still be done if the key file is added to named.conf
if rlIsRHEL '>5'; then
rlRun "rlServiceStop named"
rlRun "rlFileBackup /etc/named.root.key"
rlRun "cat named.root.key > /etc/named.root.key"
rlServiceStart named
# FIXME: Quick and ugly.
rlRun "grep -E ' (named|named-sdb)\[' /var/log/messages | tail -25 | grep 'public key is invalid'" 0 "Reproducer A"
rlRun "rlFileRestore"
fi
rlRun "rlServiceStart named"
rlRun "gcc -g -O2 -Wall -I/usr/include/bind9 CVE-2015-5722.c -lisc -ldns"
./a.out &> log-QA-CVE-2015-5722
rlRun "grep 'public key is invalid\$' log-QA-CVE-2015-5722" 0 "Reproducer B"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rlServiceRestore named"
rm -f log-QA-CVE-2015-5722 a.out
rlPhaseEnd
rlJournalPrintText
rlJournalEnd