search

MiniDNS / minidns

DNS library for Android and Java SE
Other
215 stars 61 forks source link

Avoid exception when DNSKEY record references unknown signature algorithm #137

Closed cketti closed 3 months ago

cketti commented 3 months ago

Using DnssecResolverApi.INSTANCE to resolve technikum-wien.at throws a NullPointerException. This is caused by the DNSKEY class not being able to handle unknown/unsupported algorithm bytes.

Stacktrace (MiniDNS 1.0.4):

java.lang.NullPointerException: Attempt to read from field 'byte org.minidns.constants.DnssecConstants$SignatureAlgorithm.number' on a null object reference in method 'void org.minidns.record.DNSKEY.<init>(short, byte, org.minidns.constants.DnssecConstants$SignatureAlgorithm, byte[])'
  at org.minidns.record.DNSKEY.<init>(DNSKEY.java:109)
  at org.minidns.record.DNSKEY.<init>(DNSKEY.java:105)
  at org.minidns.record.DNSKEY.parse(DNSKEY.java:90)
  at org.minidns.record.Record.parse(Record.java:376)
  at org.minidns.dnsmessage.DnsMessage.<init>(DnsMessage.java:414)
  at org.minidns.source.NetworkDataSource.queryUdp(NetworkDataSource.java:97)
  at org.minidns.source.NetworkDataSource.query(NetworkDataSource.java:60)
  at org.minidns.source.NetworkDataSource.query(NetworkDataSource.java:34)
  at org.minidns.AbstractDnsClient.query(AbstractDnsClient.java:250)
  at org.minidns.AbstractDnsClient.query(AbstractDnsClient.java:360)
  at org.minidns.DnsClient.query(DnsClient.java:157)
  at org.minidns.iterative.ReliableDnsClient.query(ReliableDnsClient.java:99)
  at org.minidns.AbstractDnsClient.query(AbstractDnsClient.java:188)
  at org.minidns.dnssec.DnssecClient.queryDnssec(DnssecClient.java:104)
  at org.minidns.dnssec.DnssecClient.queryDnssec(DnssecClient.java:100)
  at org.minidns.dnssec.DnssecClient.verifySignedRecords(DnssecClient.java:381)
  at org.minidns.dnssec.DnssecClient.verifySignatures(DnssecClient.java:321)
  at org.minidns.dnssec.DnssecClient.verifyAnswer(DnssecClient.java:159)
  at org.minidns.dnssec.DnssecClient.verify(DnssecClient.java:149)
  at org.minidns.dnssec.DnssecClient.performVerification(DnssecClient.java:115)
  at org.minidns.dnssec.DnssecClient.queryDnssec(DnssecClient.java:105)
  at org.minidns.hla.DnssecResolverApi.resolve(DnssecResolverApi.java:65)
  at org.minidns.hla.ResolverApi.resolve(ResolverApi.java:114)
  at org.minidns.hla.ResolverApi.resolve(ResolverApi.java:108)

See https://github.com/thunderbird/thunderbird-android/issues/7739

The rest of the code seems to cope fine with DNSKEY.algorithm being null. With this change applied the name can be resolved without an exception.

Flowdalic commented 3 months ago

Thanks, much appreciated. Looks good to me.

And this looks like a candidate for the stable 1.0 branch. Could you change this PR so that it targets the 1.0 branch? This probably requires that you cherry-pick your commit on top of the 1.0 branch.

cketti commented 3 months ago

Done. I also fixed the checkstyle error.

Flowdalic commented 3 months ago

Fix included in MiniDNS 1.0.5. Thanks for your contribution.

cketti commented 3 months ago

Thank you! :heart: