ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Merge branch '4290-raise-log-level-to-isc_log_error-on-formerr-in-xfrin-c' into 'main'

Browse Source 
Resolve "raise log level to ISC_LOG_NOTICE on FORMERR in xfrin.c"

Closes #4290

See merge request isc-projects/bind9!8262
This commit is contained in:
Mark Andrews
2023-09-06 09:13:23 +00:00
parent fafa7f397b b867244305
commit b6e5960b09
2 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
6244. [bug] Adjust log levels on malformed messages to NOTICE when
transferring in a zone. [GL #4290]
6243. [bug] Restore the call order of dns_validator_destroy and 6243. [bug] Restore the call order of dns_validator_destroy and
fetchctx_detach to prevent use after free. [GL #4214] fetchctx_detach to prevent use after free. [GL #4214]

24
lib/dns/xfrin.c
View File

@@ -380,7 +380,7 @@ ixfr_init(dns_xfrin_t *xfr) {
char *journalfile = NULL; char *journalfile = NULL;
if (xfr->reqtype != dns_rdatatype_ixfr) { if (xfr->reqtype != dns_rdatatype_ixfr) {
xfrin_log(xfr, ISC_LOG_ERROR, xfrin_log(xfr, ISC_LOG_NOTICE,
"got incremental response to AXFR request"); "got incremental response to AXFR request");
return (DNS_R_FORMERR); return (DNS_R_FORMERR);
} }
@@ -496,6 +496,10 @@ xfr_rr(dns_xfrin_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdata_t *rdata) {
if (rdata->type == dns_rdatatype_none || if (rdata->type == dns_rdatatype_none ||
dns_rdatatype_ismeta(rdata->type)) dns_rdatatype_ismeta(rdata->type))
{ {
char buf[64];
dns_rdatatype_format(rdata->type, buf, sizeof(buf));
xfrin_log(xfr, ISC_LOG_NOTICE,
"Unexpected %s record in zone transfer", buf);
FAIL(DNS_R_FORMERR); FAIL(DNS_R_FORMERR);
} }
@@ -518,7 +522,7 @@ redo:
switch (xfr->state) { switch (xfr->state) {
case XFRST_SOAQUERY: case XFRST_SOAQUERY:
if (rdata->type != dns_rdatatype_soa) { if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_ERROR, xfrin_log(xfr, ISC_LOG_NOTICE,
"non-SOA response to SOA query"); "non-SOA response to SOA query");
FAIL(DNS_R_FORMERR); FAIL(DNS_R_FORMERR);
} }
@@ -543,7 +547,7 @@ redo:
case XFRST_INITIALSOA: case XFRST_INITIALSOA:
if (rdata->type != dns_rdatatype_soa) { if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_ERROR, xfrin_log(xfr, ISC_LOG_NOTICE,
"first RR in zone transfer must be SOA"); "first RR in zone transfer must be SOA");
FAIL(DNS_R_FORMERR); FAIL(DNS_R_FORMERR);
} }
@@ -628,7 +632,7 @@ redo:
xfr->state = XFRST_IXFR_END; xfr->state = XFRST_IXFR_END;
break; break;
} else if (soa_serial != xfr->ixfr.current_serial) { } else if (soa_serial != xfr->ixfr.current_serial) {
xfrin_log(xfr, ISC_LOG_ERROR, xfrin_log(xfr, ISC_LOG_NOTICE,
"IXFR out of sync: " "IXFR out of sync: "
"expected serial %u, got %u", "expected serial %u, got %u",
xfr->ixfr.current_serial, soa_serial); xfr->ixfr.current_serial, soa_serial);
@@ -664,7 +668,7 @@ redo:
* allow for case differences. * allow for case differences.
*/ */
if (dns_rdata_compare(rdata, &xfr->firstsoa) != 0) { if (dns_rdata_compare(rdata, &xfr->firstsoa) != 0) {
xfrin_log(xfr, ISC_LOG_ERROR, xfrin_log(xfr, ISC_LOG_NOTICE,
"start and ending SOA records " "start and ending SOA records "
"mismatch"); "mismatch");
FAIL(DNS_R_FORMERR); FAIL(DNS_R_FORMERR);
@@ -1471,7 +1475,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
* match the question that was sent. * match the question that was sent.
*/ */
if (msg->counts[DNS_SECTION_QUESTION] > 1) { if (msg->counts[DNS_SECTION_QUESTION] > 1) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "too many questions (%u)", xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)",
msg->counts[DNS_SECTION_QUESTION]); msg->counts[DNS_SECTION_QUESTION]);
result = DNS_R_FORMERR; result = DNS_R_FORMERR;
goto failure; goto failure;
@@ -1480,7 +1484,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
if ((xfr->state == XFRST_SOAQUERY || xfr->state == XFRST_INITIALSOA) && if ((xfr->state == XFRST_SOAQUERY || xfr->state == XFRST_INITIALSOA) &&
msg->counts[DNS_SECTION_QUESTION] != 1) msg->counts[DNS_SECTION_QUESTION] != 1)
{ {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "missing question section"); xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section");
result = DNS_R_FORMERR; result = DNS_R_FORMERR;
goto failure; goto failure;
} }
@@ -1497,7 +1501,7 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
dns_message_currentname(msg, DNS_SECTION_QUESTION, &name); dns_message_currentname(msg, DNS_SECTION_QUESTION, &name);
if (!dns_name_equal(name, &xfr->name)) { if (!dns_name_equal(name, &xfr->name)) {
result = DNS_R_FORMERR; result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_DEBUG(3), xfrin_log(xfr, ISC_LOG_NOTICE,
"question name mismatch"); "question name mismatch");
goto failure; goto failure;
} }
@@ -1505,13 +1509,13 @@ xfrin_recv_done(isc_result_t result, isc_region_t *region, void *arg) {
INSIST(rds != NULL); INSIST(rds != NULL);
if (rds->type != xfr->reqtype) { if (rds->type != xfr->reqtype) {
result = DNS_R_FORMERR; result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_DEBUG(3), xfrin_log(xfr, ISC_LOG_NOTICE,
"question type mismatch"); "question type mismatch");
goto failure; goto failure;
} }
if (rds->rdclass != xfr->rdclass) { if (rds->rdclass != xfr->rdclass) {
result = DNS_R_FORMERR; result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_DEBUG(3), xfrin_log(xfr, ISC_LOG_NOTICE,
"question class mismatch"); "question class mismatch");
goto failure; goto failure;
} }