diff --git a/CHANGES b/CHANGES
index 2e90fb9347..bb6e69040c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3186. [bug] Version/db mis-match in rpz code. [RT #26180]
+
 3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations
diff --git a/bin/named/query.c b/bin/named/query.c
index 36850fdf2f..3869f5b964 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: query.c,v 1.376 2011/10/20 21:42:11 marka Exp $ */
+/* $Id: query.c,v 1.377 2011/10/28 11:46:49 marka Exp $ */
 /*! \file */
@@ -3828,6 +3828,7 @@ rpz_st_clear(ns_client_t *client) {
 dns_rpz_st_t *st = client->query.rpz_st;
 rpz_clean(&st->m.zone, &st->m.db, &st->m.node, NULL);
+ st->m.version = NULL;
 if (st->m.rdataset != NULL)
 query_putrdataset(client, &st->m.rdataset);
@@ -4121,10 +4122,10 @@ rpz_rewrite_rrsets(ns_client_t *client, dns_rpz_type_t rpz_type,
 static isc_result_t
 rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 dns_name_t *sname, dns_rpz_type_t rpz_type, dns_zone_t **zonep,
- dns_db_t **dbp, dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp,
+ dns_db_t **dbp, dns_dbversion_t **versionp,
+ dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp,
 dns_rpz_policy_t *policyp)
 {
- dns_dbversion_t *version;
 dns_rpz_policy_t policy;
 dns_fixedname_t fixed;
 dns_name_t *found;
@@ -4145,8 +4146,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 * Try to get either a CNAME or the type of record demanded by the
 * request from the policy zone.
 */
- version = NULL;
- result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version);
+ *versionp = NULL;
+ result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, versionp);
 if (result != ISC_R_SUCCESS) {
 *policyp = DNS_RPZ_POLICY_MISS;
 return (DNS_R_NXDOMAIN);
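Review bot: In rpz_st_clear() the added `st->m.version = NULL;` drops the saved version without any release call, while zone, db and node on the line above go through rpz_clean(), and nothing in the hunk says why the version is treated differently. If the handle is borrowed rather than owned (rpz_getdb() is not shown, so this is an inference), state that in a comment such as `/* version is borrowed, not a reference we hold; it is only meaningful together with m.db */`. The same remark belongs on the new `version` member of `m` in lib/dns/include/dns/rpz.h, which is added without a comment. The body of rpz_st_clear() continues past the end of the hunk.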
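Review bot: In rpz_find() the new out-parameter is first written at `*versionp = NULL;` immediately before rpz_getdb(), well into the body, and the caller in rpz_rewrite_name() declares `dns_dbversion_t *version;` with no initializer. The lines between the top of rpz_find() and this hunk are not shown; if any of them can return, the caller's `version` stays indeterminate, and that local is what gets copied into `st->m.version` and later picked up by query_find(). Moving `*versionp = NULL;` to the first statement of rpz_find() makes the out-parameter defined on every return path, whatever is added above it later. The store into `st->m.version` presumably happens only after a successful find, so this is a defensive change rather than a demonstrated fault.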
@@ -4154,14 +4155,14 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 dns_fixedname_init(&fixed);
 found = dns_fixedname_name(&fixed);
- result = dns_db_findext(*dbp, qnamef, version, dns_rdatatype_any, 0,
+ result = dns_db_findext(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
 client->now, nodep, found, &cm, &ci, *rdatasetp, NULL);
 if (result == ISC_R_SUCCESS) {
 dns_rdatasetiter_t *rdsiter;
 rdsiter = NULL;
- result = dns_db_allrdatasets(*dbp, *nodep, version, 0,
+ result = dns_db_allrdatasets(*dbp, *nodep, *versionp, 0,
 &rdsiter);
 if (result != ISC_R_SUCCESS) {
 dns_db_detachnode(*dbp, nodep);
@@ -4200,7 +4201,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 qtype == dns_rdatatype_sig)
 result = DNS_R_NXRRSET;
 else
- result = dns_db_findext(*dbp, qnamef, version,
+ result = dns_db_findext(*dbp, qnamef, *versionp,
 qtype, 0, client->now, nodep, found, &cm, &ci, *rdatasetp, NULL);
@@ -4268,6 +4269,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 dns_name_t *prefix, *suffix, *rpz_qname;
 dns_zone_t *zone;
 dns_db_t *db;
+ dns_dbversion_t *version;
 dns_dbnode_t *node;
 dns_rpz_policy_t policy;
 unsigned int labels;
@@ -4329,7 +4331,8 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 * See if the policy record exists.
 */
 result = rpz_find(client, qtype, rpz_qname, qname, rpz_type,
- &zone, &db, &node, rdatasetp, &policy);
+ &zone, &db, &version, &node, rdatasetp,
+ &policy);
 switch (result) {
 case DNS_R_NXDOMAIN:
 case DNS_R_EMPTYNAME:
@@ -4388,6 +4391,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 node = NULL;
 st->m.db = db;
 db = NULL;
+ st->m.version = version;
 st->m.zone = zone;
 zone = NULL;
 }
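Review bot: `st->m.version = version;` is the only hand-off in this block of rpz_rewrite_name() that leaves the local untouched; `node`, `db` and `zone` are each set to NULL right after being stored. Adding `version = NULL;` on the next line keeps a single holder for the pointer, so code further down the function (outside the hunk) cannot pair it with a db that has already been moved into `st->m`. This is a consistency point rather than a demonstrated fault.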
@@ -5700,6 +5704,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 rpz_st->m.node = NULL;
 db = rpz_st->m.db;
 rpz_st->m.db = NULL;
+ version = rpz_st->m.version;
+ rpz_st->m.version = NULL;
 zone = rpz_st->m.zone;
 rpz_st->m.zone = NULL;
diff --git a/bin/tests/system/rpz/ns3/crash2 b/bin/tests/system/rpz/ns3/crash2
new file mode 100644
index 0000000000..8c1982073d
--- /dev/null
+++ b/bin/tests/system/rpz/ns3/crash2
@@ -0,0 +1,25 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: crash2,v 1.2 2011/10/28 11:46:50 marka Exp $
+
+; a valid zone containing records that caused crashes
+
+$TTL 120
+@ SOA crash2.tld3. hostmaster.ns.tld3. ( 1 3600 1200 604800 60 )
+ NS ns
+ns A 10.53.0.3
+
+; #18 in test1, crashed new ASSERT() in rbtdb.c
+c1 A 172.16.1.1
diff --git a/bin/tests/system/rpz/ns3/named.conf b/bin/tests/system/rpz/ns3/named.conf
index c12b6f5d58..57244b8735 100644
--- a/bin/tests/system/rpz/ns3/named.conf
+++ b/bin/tests/system/rpz/ns3/named.conf
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: named.conf,v 1.4 2011/10/13 01:32:33 vjs Exp $ */
+/* $Id: named.conf,v 1.5 2011/10/28 11:46:50 marka Exp $ */
 options {
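Review bot: The block in query_find() that takes over `rpz_st->m.db`, and now `rpz_st->m.version` with it, carries no comment saying that the two must move together, which is the invariant this commit restores. The regression zone added alongside notes that test query #18 "crashed new ASSERT() in rbtdb.c", so breaking the pairing takes the server down on a client query rather than producing a wrong answer. A one-line comment above the swap would protect it, for example `/* db and version are a pair: a version is only valid for the db it came from */`. The rest of query_find() is outside the hunk.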
@@ -89,3 +89,4 @@ zone "bl-garden." {type master; file "bl-garden.db"; allow-update {any;};};
 zone "crash1.tld2" {type master; file "crash1";};
+zone "crash2.tld3." {type master; file "crash2";};
diff --git a/bin/tests/system/rpz/test1 b/bin/tests/system/rpz/test1
index 5fd1336ce8..7fa61448d3 100644
--- a/bin/tests/system/rpz/test1
+++ b/bin/tests/system/rpz/test1
@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test1,v 1.6 2011/10/13 01:32:32 vjs Exp $
+; $Id: test1,v 1.7 2011/10/28 11:46:49 marka Exp $
 ; Use comment lines instead of blank lines to combine update requests into
@@ -72,4 +72,8 @@ update add a4-5.tld2.bl. 300 A 127.0.0.16
 ; 17
 update add a4-6.tld2.bl. 300 CNAME .
 update add a4-6-cname.tld2.bl. 300 A 127.0.0.17
+
+; 18
+update add c1.crash2.tld3.bl. 300 CNAME .
+
 send
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index ade9060bb3..6b0894b735 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.8 2011/10/13 13:03:51 marka Exp $
+# $Id: tests.sh,v 1.9 2011/10/28 11:46:50 marka Exp $
 # test response policy zones (RPZ)
@@ -214,6 +214,7 @@ addr 56.56.56.56 a3-6.tld2 # 14 wildcard CNAME
 addr 57.57.57.57 a3-7.sub1.tld2 # 15 wildcard CNAME
 addr 127.0.0.16 a4-5-cname3.tld2 # 16 CNAME chain
 addr 127.0.0.17 a4-6-cname3.tld2 # 17 stop short in CNAME chain
+nxdomain c1.crash2.tld3 # 18 assert in rbtdb.c
 end_group
 start_group "IP rewrites" test2
diff --git a/lib/dns/include/dns/rpz.h b/lib/dns/include/dns/rpz.h
index 6b0d8077f1..eba46276dd 100644
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: rpz.h,v 1.4 2011/10/13 01:32:34 vjs Exp $ */
+/* $Id: rpz.h,v 1.5 2011/10/28 11:46:50 marka Exp $ */
 #ifndef DNS_RPZ_H
 #define DNS_RPZ_H 1
@@ -105,6 +105,7 @@ typedef struct {
 isc_result_t result;
 dns_zone_t *zone;
 dns_db_t *db;
+ dns_dbversion_t *version;
 dns_dbnode_t *node;
 dns_rdataset_t *rdataset;
 } m;