From 3f25f3349e27697590df3075c759c5a981b1365e Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 Jan 2024 18:54:09 +1100 Subject: [PATCH 1/3] Remove infinite loop on ISC_R_NOFILE When parsing a zonefile named-checkzone (and others) could loop infinitely if a directory was $INCLUDED. Record the error and treat as EOF when looking for multiple errors. This was found by Eric Sesterhenn from X41. (cherry picked from commit efd27bb82d89ad0ff0e52b93b30d0ef2cc5e2d8e) --- lib/dns/master.c | 75 ++++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 28 deletions(-) diff --git a/lib/dns/master.c b/lib/dns/master.c index eab1d00364..e56fa4f12f 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -214,33 +214,52 @@ task_send(dns_loadctx_t *lctx); static void loadctx_destroy(dns_loadctx_t *lctx); -#define GETTOKENERR(lexer, options, token, eol, err) \ - do { \ - result = gettoken(lexer, options, token, eol, callbacks); \ - switch (result) { \ - case ISC_R_SUCCESS: \ - break; \ - case ISC_R_UNEXPECTED: \ - goto insist_and_cleanup; \ - default: \ - if (MANYERRS(lctx, result)) { \ - SETRESULT(lctx, result); \ - LOGIT(result); \ - read_till_eol = true; \ - err goto next_line; \ - } else \ - goto log_and_cleanup; \ - } \ - if ((token)->type == isc_tokentype_special) { \ - result = DNS_R_SYNTAX; \ - if (MANYERRS(lctx, result)) { \ - SETRESULT(lctx, result); \ - LOGIT(result); \ - read_till_eol = true; \ - goto next_line; \ - } else \ - goto log_and_cleanup; \ - } \ +#define LCTX_MANYERRORS(lctx) (((lctx)->options & DNS_MASTER_MANYERRORS) != 0) + +#define GETTOKENERR(lexer, options, token, eol, err) \ + do { \ + result = gettoken(lexer, options, token, eol, callbacks); \ + switch (result) { \ + case ISC_R_SUCCESS: \ + break; \ + case ISC_R_NOTFILE: \ + /* Treat "bad" $INCLUDE as eof. */ \ + if (ictx->parent != NULL && LCTX_MANYERRORS(lctx)) { \ + SETRESULT(lctx, result); \ + COMMITALL; \ + lctx->inc = ictx->parent; \ + ictx->parent = NULL; \ + incctx_destroy(lctx->mctx, ictx); \ + RUNTIME_CHECK(isc_lex_close(lctx->lex) == \ + ISC_R_SUCCESS); \ + line = isc_lex_getsourceline(lctx->lex); \ + POST(line); \ + source = isc_lex_getsourcename(lctx->lex); \ + ictx = lctx->inc; \ + continue; \ + } \ + goto insist_and_cleanup; \ + case ISC_R_UNEXPECTED: \ + goto insist_and_cleanup; \ + default: \ + if (MANYERRS(lctx, result)) { \ + SETRESULT(lctx, result); \ + LOGIT(result); \ + read_till_eol = true; \ + err goto next_line; \ + } else \ + goto log_and_cleanup; \ + } \ + if ((token)->type == isc_tokentype_special) { \ + result = DNS_R_SYNTAX; \ + if (MANYERRS(lctx, result)) { \ + SETRESULT(lctx, result); \ + LOGIT(result); \ + read_till_eol = true; \ + goto next_line; \ + } else \ + goto log_and_cleanup; \ + } \ } while (0) #define GETTOKEN(lexer, options, token, eol) \ GETTOKENERR(lexer, options, token, eol, {}) @@ -293,7 +312,7 @@ loadctx_destroy(dns_loadctx_t *lctx); #define MANYERRS(lctx, result) \ ((result != ISC_R_SUCCESS) && (result != ISC_R_IOERROR) && \ - ((lctx)->options & DNS_MASTER_MANYERRORS) != 0) + LCTX_MANYERRORS(lctx)) #define SETRESULT(lctx, r) \ do { \ From 602b20d3f55d70301b7d371f8fab1317d72925f0 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 Jan 2024 19:08:14 +1100 Subject: [PATCH 2/3] Test including a directory in a zone file (cherry picked from commit e697d20f008ed1c77d59317e4b297a09d951669c) --- .../system/checkzone/zones/bad-include-directory.db | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 bin/tests/system/checkzone/zones/bad-include-directory.db diff --git a/bin/tests/system/checkzone/zones/bad-include-directory.db b/bin/tests/system/checkzone/zones/bad-include-directory.db new file mode 100644 index 0000000000..3ccf700960 --- /dev/null +++ b/bin/tests/system/checkzone/zones/bad-include-directory.db @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$INCLUDE . +$INCLUDE .. From 44034b4ef28ea47a4f26894fc57ef6308f1a61e0 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 Jan 2024 19:04:54 +1100 Subject: [PATCH 3/3] Add CHANGES note for [GL #4357] (cherry picked from commit 236a38a7c90cfdd0fdc4afc9c26426622faa2614) --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 09ff3a5bc1..f53b39ccdd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6384. [bug] Remove infinite loop when including a directory in a + zone file. [GL #4357] + 6383. [bug] Address an infinite loop in $GENERATE when a negative value was converted in nibble mode. [GL #4353]