From 48a995da601f0b9037c652ca48337b4bf3f58d41 Mon Sep 17 00:00:00 2001 From: Brad House Date: Wed, 15 Nov 2023 09:33:47 -0500 Subject: [PATCH 1/5] test: dns test case failures after c-ares update to 1.21.0+ c-ares has made intentional changes to the behavior of TXT records to comply with RFC 7208, which concatenates multiple strings for the same TXT record into a single string. Multiple TXT records are not concatenated. Also, response handling has changed, such that a response which is completely invalid in formatting is thrown away as a malicious forged/spoofed packet rather than returning EBADRESP. This is one step toward RFC 9018 (EDNS COOKIES) which will require the message to at least be structurally valid to validate against spoofed records. Fixes: https://github.com/nodejs/node/issues/50741 Refs: https://github.com/nodejs/node/issues/50444 Fix By: Brad House (@bradh352) --- test/parallel/test-dns-resolveany-bad-ancount.js | 5 +++-- test/parallel/test-dns-resolveany.js | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-dns-resolveany-bad-ancount.js b/test/parallel/test-dns-resolveany-bad-ancount.js index 71fcbe03cd58f1..fbc4947b4fda01 100644 --- a/test/parallel/test-dns-resolveany-bad-ancount.js +++ b/test/parallel/test-dns-resolveany-bad-ancount.js @@ -30,13 +30,14 @@ server.bind(0, common.mustCall(async () => { dnsPromises.resolveAny('example.org') .then(common.mustNotCall()) .catch(common.expectsError({ - code: 'EBADRESP', + // May return EBADRESP or ETIMEOUT + // code: 'EBADRESP', syscall: 'queryAny', hostname: 'example.org' })); dns.resolveAny('example.org', common.mustCall((err) => { - assert.strictEqual(err.code, 'EBADRESP'); + assert.notStrictEqual(err.code, 'SUCCESS'); assert.strictEqual(err.syscall, 'queryAny'); assert.strictEqual(err.hostname, 'example.org'); const descriptor = Object.getOwnPropertyDescriptor(err, 'message'); diff --git a/test/parallel/test-dns-resolveany.js b/test/parallel/test-dns-resolveany.js index 0bbfe8f9f18432..f64dbfc93e2da8 100644 --- a/test/parallel/test-dns-resolveany.js +++ b/test/parallel/test-dns-resolveany.js @@ -11,7 +11,7 @@ const answers = [ { type: 'AAAA', address: '::42', ttl: 123 }, { type: 'MX', priority: 42, exchange: 'foobar.com', ttl: 124 }, { type: 'NS', value: 'foobar.org', ttl: 457 }, - { type: 'TXT', entries: [ 'v=spf1 ~all', 'xyz\0foo' ] }, + { type: 'TXT', entries: [ 'v=spf1 ~all xyz\0foo' ] }, { type: 'PTR', value: 'baz.org', ttl: 987 }, { type: 'SOA', From 600a84f8c44af22d8ea1a7d83235b9f9a2db0249 Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 19 Nov 2023 10:57:00 -0500 Subject: [PATCH 2/5] try to fix other outstanding issues --- src/cares_wrap.cc | 3 +-- test/parallel/test-dgram-send-cb-quelches-error.js | 3 ++- test/parallel/test-dns-resolveany-bad-ancount.js | 2 +- test/parallel/test-dns.js | 10 ++++++++-- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/cares_wrap.cc b/src/cares_wrap.cc index 8b037356360729..4e4f1fd173a140 100644 --- a/src/cares_wrap.cc +++ b/src/cares_wrap.cc @@ -1700,8 +1700,7 @@ void SetServers(const FunctionCallbackInfo& args) { uint32_t len = arr->Length(); if (len == 0) { - int rv = ares_set_servers(channel->cares_channel(), nullptr); - return args.GetReturnValue().Set(rv); + return args.GetReturnValue().Set(ARES_ENODATA); } std::vector servers(len); diff --git a/test/parallel/test-dgram-send-cb-quelches-error.js b/test/parallel/test-dgram-send-cb-quelches-error.js index 106d2870c2fd42..7714718e2b27c0 100644 --- a/test/parallel/test-dgram-send-cb-quelches-error.js +++ b/test/parallel/test-dgram-send-cb-quelches-error.js @@ -8,7 +8,8 @@ const dns = require('dns'); const socket = dgram.createSocket('udp4'); const buffer = Buffer.from('gary busey'); -dns.setServers([]); +// Why? +//dns.setServers([]); socket.once('error', onEvent); diff --git a/test/parallel/test-dns-resolveany-bad-ancount.js b/test/parallel/test-dns-resolveany-bad-ancount.js index fbc4947b4fda01..5cea388ad6a9f0 100644 --- a/test/parallel/test-dns-resolveany-bad-ancount.js +++ b/test/parallel/test-dns-resolveany-bad-ancount.js @@ -31,7 +31,7 @@ server.bind(0, common.mustCall(async () => { .then(common.mustNotCall()) .catch(common.expectsError({ // May return EBADRESP or ETIMEOUT - // code: 'EBADRESP', + code: /^(?:EBADRESP|ETIMEOUT)$/, syscall: 'queryAny', hostname: 'example.org' })); diff --git a/test/parallel/test-dns.js b/test/parallel/test-dns.js index 40866d4718281a..afc1838011fb0d 100644 --- a/test/parallel/test-dns.js +++ b/test/parallel/test-dns.js @@ -136,8 +136,14 @@ const portsExpected = [ dns.setServers(ports); assert.deepStrictEqual(dns.getServers(), portsExpected); -dns.setServers([]); -assert.deepStrictEqual(dns.getServers(), []); +assert.throws( + () => { + dns.setServers([]); + }, + { + code: 'ENODATA' + } +); { const errObj = { From af82c55d5161b5f2d152acb9468d59a3e0cd014a Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 19 Nov 2023 11:07:28 -0500 Subject: [PATCH 3/5] fix reported linter issue --- test/parallel/test-dgram-send-cb-quelches-error.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/parallel/test-dgram-send-cb-quelches-error.js b/test/parallel/test-dgram-send-cb-quelches-error.js index 7714718e2b27c0..15b60179cd66fd 100644 --- a/test/parallel/test-dgram-send-cb-quelches-error.js +++ b/test/parallel/test-dgram-send-cb-quelches-error.js @@ -3,12 +3,12 @@ const common = require('../common'); const mustCall = common.mustCall; const assert = require('assert'); const dgram = require('dgram'); -const dns = require('dns'); const socket = dgram.createSocket('udp4'); const buffer = Buffer.from('gary busey'); // Why? +//const dns = require('dns'); //dns.setServers([]); socket.once('error', onEvent); From 3d2185d434edefefc0df5f6f55649f2d380fe710 Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 19 Nov 2023 11:10:55 -0500 Subject: [PATCH 4/5] fix reported linter issue --- test/parallel/test-dgram-send-cb-quelches-error.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-dgram-send-cb-quelches-error.js b/test/parallel/test-dgram-send-cb-quelches-error.js index 15b60179cd66fd..8e8bd189f60008 100644 --- a/test/parallel/test-dgram-send-cb-quelches-error.js +++ b/test/parallel/test-dgram-send-cb-quelches-error.js @@ -7,9 +7,9 @@ const dgram = require('dgram'); const socket = dgram.createSocket('udp4'); const buffer = Buffer.from('gary busey'); -// Why? -//const dns = require('dns'); -//dns.setServers([]); +// Why? +// const dns = require('dns'); +// dns.setServers([]); socket.once('error', onEvent); From d80295f8be6c0df3483be263ad6eb6e04ab35c05 Mon Sep 17 00:00:00 2001 From: Brad House Date: Sun, 19 Nov 2023 11:29:12 -0500 Subject: [PATCH 5/5] revert. c-ares is really going to need to support blanking the server list it appears. --- src/cares_wrap.cc | 3 ++- test/parallel/test-dgram-send-cb-quelches-error.js | 5 ++--- test/parallel/test-dns.js | 10 ++-------- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/src/cares_wrap.cc b/src/cares_wrap.cc index 4e4f1fd173a140..8b037356360729 100644 --- a/src/cares_wrap.cc +++ b/src/cares_wrap.cc @@ -1700,7 +1700,8 @@ void SetServers(const FunctionCallbackInfo& args) { uint32_t len = arr->Length(); if (len == 0) { - return args.GetReturnValue().Set(ARES_ENODATA); + int rv = ares_set_servers(channel->cares_channel(), nullptr); + return args.GetReturnValue().Set(rv); } std::vector servers(len); diff --git a/test/parallel/test-dgram-send-cb-quelches-error.js b/test/parallel/test-dgram-send-cb-quelches-error.js index 8e8bd189f60008..106d2870c2fd42 100644 --- a/test/parallel/test-dgram-send-cb-quelches-error.js +++ b/test/parallel/test-dgram-send-cb-quelches-error.js @@ -3,13 +3,12 @@ const common = require('../common'); const mustCall = common.mustCall; const assert = require('assert'); const dgram = require('dgram'); +const dns = require('dns'); const socket = dgram.createSocket('udp4'); const buffer = Buffer.from('gary busey'); -// Why? -// const dns = require('dns'); -// dns.setServers([]); +dns.setServers([]); socket.once('error', onEvent); diff --git a/test/parallel/test-dns.js b/test/parallel/test-dns.js index afc1838011fb0d..40866d4718281a 100644 --- a/test/parallel/test-dns.js +++ b/test/parallel/test-dns.js @@ -136,14 +136,8 @@ const portsExpected = [ dns.setServers(ports); assert.deepStrictEqual(dns.getServers(), portsExpected); -assert.throws( - () => { - dns.setServers([]); - }, - { - code: 'ENODATA' - } -); +dns.setServers([]); +assert.deepStrictEqual(dns.getServers(), []); { const errObj = {