[master] handle servfail at DLZ zone apex
3522. [bug] DLZ lookups could fail to return SERVFAIL when they ought to. [RT #32685]
This commit is contained in:
Evan Hunt
3
CHANGES
3
CHANGES
@@ -1,3 +1,6 @@
|
||||
3522. [bug] DLZ lookups could fail to return SERVFAIL when
|
||||
they ought to. [RT #32685]
|
||||
|
||||
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
|
||||
|
||||
3520. [bug] 'mctx' was not being referenced counted in some places
|
||||
|
||||
@@ -233,7 +233,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
|
||||
struct dlz_example_data *state;
|
||||
const char *helper_name;
|
||||
va_list ap;
|
||||
char soa_data[200];
|
||||
char soa_data[1024];
|
||||
const char *extra;
|
||||
isc_result_t result;
|
||||
int n;
|
||||
@@ -359,6 +359,18 @@ dlz_findzonedb(void *dbdata, const char *name,
|
||||
strncmp(addrbuf, "10.53.0.1", 9) == 0)
|
||||
return (ISC_R_NOMORE);
|
||||
|
||||
/*
|
||||
* For bigcname.domain, return success so it appears to be
|
||||
* the zone origin; this regression tests a bug in which
|
||||
* zone origin nodes could fail to return SERVFAIL to the client.
|
||||
*/
|
||||
if (strcasecmp(name, "bigcname.domain") == 0)
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
/*
|
||||
* Return success if we have an exact match between the
|
||||
* zone name and the qname
|
||||
*/
|
||||
if (strcasecmp(state->zone_name, name) == 0)
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
@@ -418,7 +430,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
|
||||
return (result);
|
||||
}
|
||||
|
||||
if (strcmp(name, "too-long") == 0) {
|
||||
if (strcmp(name, "too-long") == 0 ||
|
||||
strcmp(zone, "bigcname.domain") == 0)
|
||||
{
|
||||
for (i = 0; i < 511; i++)
|
||||
buf[i] = 'x';
|
||||
buf[i] = '\0';
|
||||
|
||||
@@ -143,4 +143,11 @@ grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
|
||||
[ "$ret" -eq 0 ] || echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
|
||||
ret=0
|
||||
echo "I:testing zone returning oversized data at zone origin"
|
||||
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
|
||||
[ "$ret" -eq 0 ] || echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
|
||||
exit $status
|
||||
|
||||
@@ -613,7 +613,10 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
|
||||
|
||||
MAYBE_UNLOCK(sdlz->dlzimp);
|
||||
|
||||
if (result != ISC_R_SUCCESS && !isorigin && !create) {
|
||||
if (result == ISC_R_NOTFOUND && (isorigin || create))
|
||||
result = ISC_R_SUCCESS;
|
||||
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
destroynode(node);
|
||||
return (result);
|
||||
}
|
||||
@@ -625,7 +628,8 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
|
||||
sdlz->dbdata, node);
|
||||
MAYBE_UNLOCK(sdlz->dlzimp);
|
||||
if (result != ISC_R_SUCCESS &&
|
||||
result != ISC_R_NOTIMPLEMENTED) {
|
||||
result != ISC_R_NOTIMPLEMENTED)
|
||||
{
|
||||
destroynode(node);
|
||||
return (result);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user