bind/SOURCES/bind-9.11-CVE-2018-5744-test.patch

From 4b9bfa5c8cae6f81e94af0f582bf9686320144db Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 10 Dec 2018 13:33:54 +1100
Subject: [PATCH] check that multiple KEY-TAG trust-anchor-telemetry options
 don't leak memory

(cherry picked from commit 4b1dc4a5445e9561f2208f9388cf9f9e2cfcbe51)
(cherry picked from commit f545e9dff1f0eadcdea5531ef7062324d232c716)
(cherry picked from commit 2bda5ac2e1635ac10a595c4ff155516ded7abec2)
---
 bin/tests/system/dnssec/tests.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 3156668..b1907c7 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3508,11 +3508,22 @@ status=`expr $status + $ret`
 
 echo_i "check that KEY-TAG trust-anchor-telemetry queries are logged ($n)"
 ret=0
-$DIG $DIGOPTS . dnskey +ednsopt=KEY-TAG:ffff @10.53.0.1 > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS . dnskey +ednsopt=KEY-TAG:ffff @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep "trust-anchor-telemetry './IN' from .* 65535" ns1/named.run > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+echo_i "check that multiple KEY-TAG trust-anchor-telemetry options don't leak memory ($n)"
+ret=0
+$DIG $DIGOPTS . dnskey +ednsopt=KEY-TAG:fffe +ednsopt=KEY-TAG:fffd @10.53.0.1 > dig.out.ns1.test$n || ret=1
+grep "trust-anchor-telemetry './IN' from .* 65534" ns1/named.run > /dev/null || ret=1
+grep "trust-anchor-telemetry './IN' from .* 65533" ns1/named.run > /dev/null && ret=1
+(cd "$SYSTEMTESTTOP" && $PERL ./stop.pl dnssec ns1) || ret=1
+(cd "$SYSTEMTESTTOP" && $PERL ./start.pl --noclean --restart --port ${PORT} dnssec ns1) || ret=1
+n=`expr $n + 1`
+test "$ret" -eq 0 || echo_i "failed"
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
-- 
2.20.1