#!/usr/bin/python3

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# pylint: disable=unused-variable

import time

import dns.message
import dns.rdataclass
import dns.rdatatype
import dns.rdtypes.ANY.TKEY
import dns.rrset
import dns.tsigkeyring
import pytest

import isctest

pytestmark = pytest.mark.extra_artifacts([])


def create_tkey_msg(qname, mode, alg="hmac-sha256"):
    """Build a TKEY query for *qname* carrying one TKEY record.

    The record goes into the additional section with the requested
    *mode*, an empty key field and error code 0.

    Args:
        qname: owner name used for both the question and the TKEY record.
        mode: integer TKEY mode placed in the record unchanged.
        alg: algorithm name stored in the record's algorithm field.

    Returns:
        The unsigned query message; the caller applies TSIG.
    """
    issued_at = int(time.time())
    tkey_rdata = dns.rdtypes.ANY.TKEY.TKEY(
        rdclass=dns.rdataclass.ANY,
        rdtype=dns.rdatatype.TKEY,
        algorithm=alg,
        # Validity window: one hour in the past to one day ahead.
        inception=issued_at - 3600,
        expiration=issued_at + 86400,
        mode=mode,
        error=0,
        key=b"",
    )
    query = dns.message.make_query(qname, "TKEY")
    query.additional.append(
        dns.rrset.from_rdata(qname, dns.rdatatype.TKEY, tkey_rdata)
    )
    return query


def test_tkey_cve_2026_3119(ns1):
    """Send TSIG-signed TKEY queries to ns1 for the CVE-2026-3119 case.

    Two modes are sent in order over TCP: 5 (key deletion in RFC 2930)
    and 99 (not a mode RFC 2930 defines).  The responses are not
    inspected here.
    NOTE(review): presumably the test passes when the server keeps
    answering and the harness finds it healthy - confirm.
    """
    # Fixture secret for signing; presumably it mirrors a key configured
    # on ns1 - confirm against the server's configuration.
    tsig_keys = dns.tsigkeyring.from_text(
        {"test-key": "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="}
    )

    for tkey_mode in (5, 99):
        request = create_tkey_msg("a.example.nil.", tkey_mode)
        request.use_tsig(tsig_keys, keyname="test-key")
        # attempts=1: presumably stops the helper from retrying - confirm.
        isctest.query.tcp(request, ns1.ip, attempts=1)