// Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package net import ( "encoding/hex" "reflect" "testing" ) func TestStructPackUnpack(t *testing.T) { want := dnsQuestion{ Name: ".", Qtype: dnsTypeA, Qclass: dnsClassINET, } buf := make([]byte, 50) n, ok := packStruct(&want, buf, 0) if !ok { t.Fatal("packing failed") } buf = buf[:n] got := dnsQuestion{} n, ok = unpackStruct(&got, buf, 0) if !ok { t.Fatal("unpacking failed") } if n != len(buf) { t.Errorf("unpacked different amount than packed: got n = %d, want = %d", n, len(buf)) } if !reflect.DeepEqual(got, want) { t.Errorf("got = %+v, want = %+v", got, want) } } func TestDomainNamePackUnpack(t *testing.T) { tests := []struct { in string want string ok bool }{ {"", ".", true}, {".", ".", true}, {"google..com", "", false}, {"google.com", "google.com.", true}, {"google..com.", "", false}, {"google.com.", "google.com.", true}, {".google.com.", "", false}, {"www..google.com.", "", false}, {"www.google.com.", "www.google.com.", true}, } for _, test := range tests { buf := make([]byte, 30) n, ok := packDomainName(test.in, buf, 0) if ok != test.ok { t.Errorf("packing of %s: got ok = %t, want = %t", test.in, ok, test.ok) continue } if !test.ok { continue } buf = buf[:n] got, n, ok := unpackDomainName(buf, 0) if !ok { t.Errorf("unpacking for %s failed", test.in) continue } if n != len(buf) { t.Errorf( "unpacked different amount than packed for %s: got n = %d, want = %d", test.in, n, len(buf), ) } if got != test.want { t.Errorf("unpacking packing of %s: got = %s, want = %s", test.in, got, test.want) } } } func TestDNSPackUnpack(t *testing.T) { want := dnsMsg{ question: []dnsQuestion{{ Name: ".", Qtype: dnsTypeAAAA, Qclass: dnsClassINET, }}, answer: []dnsRR{}, ns: []dnsRR{}, extra: []dnsRR{}, } b, ok := want.Pack() if !ok { t.Fatal("packing failed") } var got dnsMsg ok = got.Unpack(b) if !ok { t.Fatal("unpacking failed") } if !reflect.DeepEqual(got, want) { t.Errorf("got = %+v, want = %+v", got, want) } } func TestDNSParseSRVReply(t *testing.T) { data, err := hex.DecodeString(dnsSRVReply) if err != nil { t.Fatal(err) } msg := new(dnsMsg) ok := msg.Unpack(data) if !ok { t.Fatal("unpacking packet failed") } _ = msg.String() // exercise this code path if g, e := len(msg.answer), 5; g != e { t.Errorf("len(msg.answer) = %d; want %d", g, e) } for idx, rr := range msg.answer { if g, e := rr.Header().Rrtype, uint16(dnsTypeSRV); g != e { t.Errorf("rr[%d].Header().Rrtype = %d; want %d", idx, g, e) } if _, ok := rr.(*dnsRR_SRV); !ok { t.Errorf("answer[%d] = %T; want *dnsRR_SRV", idx, rr) } } for _, name := range [...]string{ "_xmpp-server._tcp.google.com.", "_XMPP-Server._TCP.Google.COM.", "_XMPP-SERVER._TCP.GOOGLE.COM.", } { _, addrs, err := answer(name, "foo:53", msg, uint16(dnsTypeSRV)) if err != nil { t.Error(err) } if g, e := len(addrs), 5; g != e { t.Errorf("len(addrs) = %d; want %d", g, e) t.Logf("addrs = %#v", addrs) } } // repack and unpack. data2, ok := msg.Pack() msg2 := new(dnsMsg) msg2.Unpack(data2) switch { case !ok: t.Error("failed to repack message") case !reflect.DeepEqual(msg, msg2): t.Error("repacked message differs from original") } } func TestDNSParseCorruptSRVReply(t *testing.T) { data, err := hex.DecodeString(dnsSRVCorruptReply) if err != nil { t.Fatal(err) } msg := new(dnsMsg) ok := msg.Unpack(data) if !ok { t.Fatal("unpacking packet failed") } _ = msg.String() // exercise this code path if g, e := len(msg.answer), 5; g != e { t.Errorf("len(msg.answer) = %d; want %d", g, e) } for idx, rr := range msg.answer { if g, e := rr.Header().Rrtype, uint16(dnsTypeSRV); g != e { t.Errorf("rr[%d].Header().Rrtype = %d; want %d", idx, g, e) } if idx == 4 { if _, ok := rr.(*dnsRR_Header); !ok { t.Errorf("answer[%d] = %T; want *dnsRR_Header", idx, rr) } } else { if _, ok := rr.(*dnsRR_SRV); !ok { t.Errorf("answer[%d] = %T; want *dnsRR_SRV", idx, rr) } } } _, addrs, err := answer("_xmpp-server._tcp.google.com.", "foo:53", msg, uint16(dnsTypeSRV)) if err != nil { t.Fatalf("answer: %v", err) } if g, e := len(addrs), 4; g != e { t.Errorf("len(addrs) = %d; want %d", g, e) t.Logf("addrs = %#v", addrs) } } func TestDNSParseTXTReply(t *testing.T) { expectedTxt1 := "v=spf1 redirect=_spf.google.com" expectedTxt2 := "v=spf1 ip4:69.63.179.25 ip4:69.63.178.128/25 ip4:69.63.184.0/25 " + "ip4:66.220.144.128/25 ip4:66.220.155.0/24 " + "ip4:69.171.232.0/25 ip4:66.220.157.0/25 " + "ip4:69.171.244.0/24 mx -all" replies := []string{dnsTXTReply1, dnsTXTReply2} expectedTxts := []string{expectedTxt1, expectedTxt2} for i := range replies { data, err := hex.DecodeString(replies[i]) if err != nil { t.Fatal(err) } msg := new(dnsMsg) ok := msg.Unpack(data) if !ok { t.Errorf("test %d: unpacking packet failed", i) continue } if len(msg.answer) != 1 { t.Errorf("test %d: len(rr.answer) = %d; want 1", i, len(msg.answer)) continue } rr := msg.answer[0] rrTXT, ok := rr.(*dnsRR_TXT) if !ok { t.Errorf("test %d: answer[0] = %T; want *dnsRR_TXT", i, rr) continue } if rrTXT.Txt != expectedTxts[i] { t.Errorf("test %d: Txt = %s; want %s", i, rrTXT.Txt, expectedTxts[i]) } } } func TestDNSParseTXTCorruptDataLengthReply(t *testing.T) { replies := []string{dnsTXTCorruptDataLengthReply1, dnsTXTCorruptDataLengthReply2} for i := range replies { data, err := hex.DecodeString(replies[i]) if err != nil { t.Fatal(err) } msg := new(dnsMsg) ok := msg.Unpack(data) if ok { t.Errorf("test %d: expected to fail on unpacking corrupt packet", i) } } } func TestDNSParseTXTCorruptTXTLengthReply(t *testing.T) { replies := []string{dnsTXTCorruptTXTLengthReply1, dnsTXTCorruptTXTLengthReply2} for i := range replies { data, err := hex.DecodeString(replies[i]) if err != nil { t.Fatal(err) } msg := new(dnsMsg) ok := msg.Unpack(data) // Unpacking should succeed, but we should just get the header. if !ok { t.Errorf("test %d: unpacking packet failed", i) continue } if len(msg.answer) != 1 { t.Errorf("test %d: len(rr.answer) = %d; want 1", i, len(msg.answer)) continue } rr := msg.answer[0] if _, justHeader := rr.(*dnsRR_Header); !justHeader { t.Errorf("test %d: rr = %T; expected *dnsRR_Header", i, rr) } } } func TestIsResponseTo(t *testing.T) { // Sample DNS query. query := dnsMsg{ dnsMsgHdr: dnsMsgHdr{ id: 42, }, question: []dnsQuestion{ { Name: "www.example.com.", Qtype: dnsTypeA, Qclass: dnsClassINET, }, }, } resp := query resp.response = true if !resp.IsResponseTo(&query) { t.Error("got false, want true") } badResponses := []dnsMsg{ // Different ID. { dnsMsgHdr: dnsMsgHdr{ id: 43, response: true, }, question: []dnsQuestion{ { Name: "www.example.com.", Qtype: dnsTypeA, Qclass: dnsClassINET, }, }, }, // Different query name. { dnsMsgHdr: dnsMsgHdr{ id: 42, response: true, }, question: []dnsQuestion{ { Name: "www.google.com.", Qtype: dnsTypeA, Qclass: dnsClassINET, }, }, }, // Different query type. { dnsMsgHdr: dnsMsgHdr{ id: 42, response: true, }, question: []dnsQuestion{ { Name: "www.example.com.", Qtype: dnsTypeAAAA, Qclass: dnsClassINET, }, }, }, // Different query class. { dnsMsgHdr: dnsMsgHdr{ id: 42, response: true, }, question: []dnsQuestion{ { Name: "www.example.com.", Qtype: dnsTypeA, Qclass: dnsClassCSNET, }, }, }, // No questions. { dnsMsgHdr: dnsMsgHdr{ id: 42, response: true, }, }, // Extra questions. { dnsMsgHdr: dnsMsgHdr{ id: 42, response: true, }, question: []dnsQuestion{ { Name: "www.example.com.", Qtype: dnsTypeA, Qclass: dnsClassINET, }, { Name: "www.golang.org.", Qtype: dnsTypeAAAA, Qclass: dnsClassINET, }, }, }, } for i := range badResponses { if badResponses[i].IsResponseTo(&query) { t.Errorf("%v: got true, want false", i) } } } // Valid DNS SRV reply const dnsSRVReply = "0901818000010005000000000c5f786d70702d736572766572045f74637006676f6f67" + "6c6503636f6d0000210001c00c002100010000012c00210014000014950c786d70702d" + "73657276657234016c06676f6f676c6503636f6d00c00c002100010000012c00210014" + "000014950c786d70702d73657276657232016c06676f6f676c6503636f6d00c00c0021" + "00010000012c00210014000014950c786d70702d73657276657233016c06676f6f676c" + "6503636f6d00c00c002100010000012c00200005000014950b786d70702d7365727665" + "72016c06676f6f676c6503636f6d00c00c002100010000012c00210014000014950c78" + "6d70702d73657276657231016c06676f6f676c6503636f6d00" // Corrupt DNS SRV reply, with its final RR having a bogus length // (perhaps it was truncated, or it's malicious) The mutation is the // capital "FF" below, instead of the proper "21". const dnsSRVCorruptReply = "0901818000010005000000000c5f786d70702d736572766572045f74637006676f6f67" + "6c6503636f6d0000210001c00c002100010000012c00210014000014950c786d70702d" + "73657276657234016c06676f6f676c6503636f6d00c00c002100010000012c00210014" + "000014950c786d70702d73657276657232016c06676f6f676c6503636f6d00c00c0021" + "00010000012c00210014000014950c786d70702d73657276657233016c06676f6f676c" + "6503636f6d00c00c002100010000012c00200005000014950b786d70702d7365727665" + "72016c06676f6f676c6503636f6d00c00c002100010000012c00FF0014000014950c78" + "6d70702d73657276657231016c06676f6f676c6503636f6d00" // TXT reply with one const dnsTXTReply1 = "b3458180000100010004000505676d61696c03636f6d0000100001c00c001000010000012c00" + "201f763d737066312072656469726563743d5f7370662e676f6f676c652e636f6dc00" + "c0002000100025d4c000d036e733406676f6f676c65c012c00c0002000100025d4c00" + "06036e7331c057c00c0002000100025d4c0006036e7333c057c00c0002000100025d4" + "c0006036e7332c057c06c00010001000248b50004d8ef200ac09000010001000248b5" + "0004d8ef220ac07e00010001000248b50004d8ef240ac05300010001000248b50004d" + "8ef260a0000291000000000000000" // TXT reply with more than one . // See https://tools.ietf.org/html/rfc1035#section-3.3.14 const dnsTXTReply2 = "a0a381800001000100020002045f7370660866616365626f6f6b03636f6d0000100001c00c0010000" + "100000e1000af7f763d73706631206970343a36392e36332e3137392e3235206970343a36392e" + "36332e3137382e3132382f3235206970343a36392e36332e3138342e302f3235206970343a363" + "62e3232302e3134342e3132382f3235206970343a36362e3232302e3135352e302f3234206970" + "343a36392e3137312e3233322e302f323520692e70343a36362e3232302e3135372e302f32352" + "06970343a36392e3137312e3234342e302f3234206d78202d616c6cc0110002000100025d1500" + "070161026e73c011c0110002000100025d1500040162c0ecc0ea0001000100025d15000445abe" + "f0cc0fd0001000100025d15000445abff0c" // DataLength field should be sum of all TXT fields. In this case it's less. const dnsTXTCorruptDataLengthReply1 = "a0a381800001000100020002045f7370660866616365626f6f6b03636f6d0000100001c00c0010000" + "100000e1000967f763d73706631206970343a36392e36332e3137392e3235206970343a36392e" + "36332e3137382e3132382f3235206970343a36392e36332e3138342e302f3235206970343a363" + "62e3232302e3134342e3132382f3235206970343a36362e3232302e3135352e302f3234206970" + "343a36392e3137312e3233322e302f323520692e70343a36362e3232302e3135372e302f32352" + "06970343a36392e3137312e3234342e302f3234206d78202d616c6cc0110002000100025d1500" + "070161026e73c011c0110002000100025d1500040162c0ecc0ea0001000100025d15000445abe" + "f0cc0fd0001000100025d15000445abff0c" // Same as above but DataLength is more than sum of TXT fields. const dnsTXTCorruptDataLengthReply2 = "a0a381800001000100020002045f7370660866616365626f6f6b03636f6d0000100001c00c0010000" + "100000e1001227f763d73706631206970343a36392e36332e3137392e3235206970343a36392e" + "36332e3137382e3132382f3235206970343a36392e36332e3138342e302f3235206970343a363" + "62e3232302e3134342e3132382f3235206970343a36362e3232302e3135352e302f3234206970" + "343a36392e3137312e3233322e302f323520692e70343a36362e3232302e3135372e302f32352" + "06970343a36392e3137312e3234342e302f3234206d78202d616c6cc0110002000100025d1500" + "070161026e73c011c0110002000100025d1500040162c0ecc0ea0001000100025d15000445abe" + "f0cc0fd0001000100025d15000445abff0c" // TXT Length field is less than actual length. const dnsTXTCorruptTXTLengthReply1 = "a0a381800001000100020002045f7370660866616365626f6f6b03636f6d0000100001c00c0010000" + "100000e1000af7f763d73706631206970343a36392e36332e3137392e3235206970343a36392e" + "36332e3137382e3132382f3235206970343a36392e36332e3138342e302f3235206970343a363" + "62e3232302e3134342e3132382f3235206970343a36362e3232302e3135352e302f3234206970" + "343a36392e3137312e3233322e302f323520691470343a36362e3232302e3135372e302f32352" + "06970343a36392e3137312e3234342e302f3234206d78202d616c6cc0110002000100025d1500" + "070161026e73c011c0110002000100025d1500040162c0ecc0ea0001000100025d15000445abe" + "f0cc0fd0001000100025d15000445abff0c" // TXT Length field is more than actual length. const dnsTXTCorruptTXTLengthReply2 = "a0a381800001000100020002045f7370660866616365626f6f6b03636f6d0000100001c00c0010000" + "100000e1000af7f763d73706631206970343a36392e36332e3137392e3235206970343a36392e" + "36332e3137382e3132382f3235206970343a36392e36332e3138342e302f3235206970343a363" + "62e3232302e3134342e3132382f3235206970343a36362e3232302e3135352e302f3234206970" + "343a36392e3137312e3233322e302f323520693370343a36362e3232302e3135372e302f32352" + "06970343a36392e3137312e3234342e302f3234206d78202d616c6cc0110002000100025d1500" + "070161026e73c011c0110002000100025d1500040162c0ecc0ea0001000100025d15000445abe" + "f0cc0fd0001000100025d15000445abff0c"