Commit Graph

11295 Commits

Author SHA1 Message Date
Mark Andrews
0ddfa675e4 Just return tv_sec field 2020-03-18 06:36:10 +00:00
Ondřej Surý
5ae4d3d94a Add C11 localtime_r and gmtime_r shims for Windows
On Windows, C11 localtime_r() and gmtime_r() functions are not
available.  While localtime() and gmtime() functions are already thread
safe because they use Thread Local Storage, it's quite ugly to #ifdef
around every localtime_r() and gmtime_r() usage to make the usage also
thread-safe on POSIX platforms.

The commit adds wrappers around Windows localtime_s() and gmtime_s()
functions.

NOTE: The implementation of localtime_s and gmtime_s in Microsoft CRT
are incompatible with the C standard since it has reversed parameter
order and errno_t return type.

(cherry picked from commit 08f4c7d6c0)
2020-03-17 15:45:35 -07:00
Evan Hunt
bdb8e3ad85 silence a warning about unsafe snprintf() call
(cherry picked from commit ec95b84e8d)
2020-03-17 15:42:14 -07:00
Evan Hunt
c16c095b32 replace unsafe ctime() and gmtime() function calls
This silences LGTM warnings that these functions are not thread-safe.

(cherry picked from commit 5703f70427)
2020-03-17 15:39:08 -07:00
Evan Hunt
beaca3e8db remove or comment empty conditional branches
some empty conditional branches which contained a semicolon were
"fixed" by clang-format to contain nothing. add comments to prevent this.

(cherry picked from commit 735be3b816)
2020-03-17 15:39:03 -07:00
Evan Hunt
1dbd238c15 fix a pointer-to-int cast error
(cherry picked from commit 6b76646037)
2020-03-17 13:16:07 -07:00
Mark Andrews
f438d7f0e6 Add MAXMINDDB_CFLAGS to CINCLUDES
(cherry picked from commit 81a80274bd)
2020-03-16 18:53:20 +11:00
Mark Andrews
e62b2b2933 Silence missing unlock from Coverity.
Save 'i' to 'locknum' and use that rather than using
'header->node->locknum' when performing the deferred
unlock as 'header->node->locknum' can theoretically be
different to 'i'.

(cherry picked from commit 8dd8d48c9f)
2020-03-13 13:37:04 +11:00
Evan Hunt
fca5137622 remove redundant ZONEDB_UNLOCK
(cherry picked from commit b54454b7c6)
2020-03-09 16:52:58 -07:00
Mark Andrews
8fce52189e Fix lists of installed header files 2020-03-06 13:09:47 +11:00
Michał Kępień
be38f0c33a Fix cppcheck 1.90 warnings
cppcheck 1.90 reports the following false positives for
lib/dns/tests/rbt_serialize_test.c:

    lib/dns/tests/rbt_serialize_test.c:412:12: warning: Either the condition 'base!=NULL' is redundant or there is pointer arithmetic with NULL pointer. [nullPointerArithmeticRedundantCheck]
      p = base + (r % filesize);
               ^
    lib/dns/tests/rbt_serialize_test.c:407:20: note: Assuming that condition 'base!=NULL' is not redundant
      assert_true(base != NULL && base != MAP_FAILED);
                       ^
    lib/dns/tests/rbt_serialize_test.c:405:14: note: Assignment 'base=mmap(NULL,filesize,PROT_READ|PROT_WRITE,0|MAP_PRIVATE,fd,0)', assigned value is 0
      base = mmap(NULL, filesize, PROT_READ|PROT_WRITE,
                 ^
    lib/dns/tests/rbt_serialize_test.c:412:12: note: Null pointer addition
      p = base + (r % filesize);
               ^
    lib/dns/tests/rbt_serialize_test.c:413:12: warning: Either the condition 'base!=NULL' is redundant or there is pointer arithmetic with NULL pointer. [nullPointerArithmeticRedundantCheck]
      q = base + filesize;
               ^
    lib/dns/tests/rbt_serialize_test.c:407:20: note: Assuming that condition 'base!=NULL' is not redundant
      assert_true(base != NULL && base != MAP_FAILED);
                       ^
    lib/dns/tests/rbt_serialize_test.c:405:14: note: Assignment 'base=mmap(NULL,filesize,PROT_READ|PROT_WRITE,0|MAP_PRIVATE,fd,0)', assigned value is 0
      base = mmap(NULL, filesize, PROT_READ|PROT_WRITE,
                 ^
    lib/dns/tests/rbt_serialize_test.c:413:12: note: Null pointer addition
      q = base + filesize;
               ^

This is caused by cppcheck not understanding how cmocka's assert_true()
macro works.  The problem being reported is a false positive: if mmap()
fails, the lines flagged by cppcheck will never be reached.  Address the
problem by suppressing nullPointerArithmeticRedundantCheck warnings for
the affected lines.
2020-03-04 12:41:01 +01:00
Michał Kępień
2a01bfd851 Fix cppcheck 1.90 warnings
cppcheck 1.90 reports some false positives for lib/dns/client.c:

    lib/dns/client.c:1431:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
     rctx->rdataset = rdataset;
     ^
    lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
     if (rctx == NULL)
              ^
    lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
     rctx = isc_mem_get(mctx, sizeof(*rctx));
            ^
    lib/dns/client.c:1431:2: note: Null pointer dereference
     rctx->rdataset = rdataset;
     ^
    lib/dns/client.c:1438:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
     rctx->sigrdataset = sigrdataset;
     ^
    lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
     if (rctx == NULL)
              ^
    lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
     rctx = isc_mem_get(mctx, sizeof(*rctx));
            ^
    lib/dns/client.c:1438:2: note: Null pointer dereference
     rctx->sigrdataset = sigrdataset;
     ^
    lib/dns/client.c:1445:2: warning: Either the condition 'rctx==((void*)0)' is redundant or there is possible null pointer dereference: rctx. [nullPointerRedundantCheck]
     rctx->client = client;
     ^
    lib/dns/client.c:1416:11: note: Assuming that condition 'rctx==((void*)0)' is not redundant
     if (rctx == NULL)
              ^
    lib/dns/client.c:1415:9: note: Assignment 'rctx=isc__mem_get(mctx,sizeof(*rctx),"lib/dns/client.c",1415)', assigned value is 0
     rctx = isc_mem_get(mctx, sizeof(*rctx));
            ^
    lib/dns/client.c:1445:2: note: Null pointer dereference
     rctx->client = client;
     ^
    lib/dns/client.c:1827:2: warning: Either the condition 'ctx==((void*)0)' is redundant or there is possible null pointer dereference: ctx. [nullPointerRedundantCheck]
     ctx->client = client;
     ^
    lib/dns/client.c:1815:10: note: Assuming that condition 'ctx==((void*)0)' is not redundant
     if (ctx == NULL)
             ^
    lib/dns/client.c:1814:8: note: Assignment 'ctx=isc__mem_get(client->mctx,sizeof(*ctx),"lib/dns/client.c",1814)', assigned value is 0
     ctx = isc_mem_get(client->mctx, sizeof(*ctx));
           ^
    lib/dns/client.c:1827:2: note: Null pointer dereference
     ctx->client = client;
     ^

All of them are caused by cppcheck not recognizing the relationship
between isc_mem_get() returning NULL and the result variable being set
to ISC_R_NOMEMORY (with a subsequent jump to a cleanup section).

Move "goto cleanup;" statements into error handling branches to prevent
cppcheck from generating these warnings.
2020-03-04 12:41:01 +01:00
Michał Kępień
ae7c0cca89 Fix cppcheck 1.89 warnings
cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives that were previously
not reported.  It seems that cppcheck no longer treats at least some
REQUIRE() assertion failures as fatal, so add extra assertion macro
definitions to lib/isc/include/isc/util.h that are only used when the
CPPCHECK preprocessor macro is defined; these definitions make cppcheck
1.89 behave as expected.

There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return.  In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what that latter does itself during compilation.

[1] aaeec462e6

(cherry picked from commit abfde3d543)
2020-03-04 12:41:01 +01:00
Mark Andrews
fe03f7e9c8 Restart zone maintenance if it had been stalled.
(cherry picked from commit f171347b5f)
2020-03-04 09:20:44 +11:00
Ondřej Surý
14d4bbea61 Adjust lock/unlock in zone_rekey()
(cherry picked from commit aaaa7e67fa)
2020-03-03 16:28:42 +11:00
Mark Andrews
6bf56cdf4d Ensure that resigintime and the zone timer are set
(cherry picked from commit a6626594aa)
2020-03-03 16:28:41 +11:00
Matthijs Mekking
ef99d6bda0 Add more zone locks
Add more zone locks around code that touches zone timer setting
in failure modes.

(cherry picked from commit 143d1c9767)
2020-03-03 16:28:37 +11:00
Mark Andrews
0536bfc91a Always call set_resigntime with the zone lock held
(cherry picked from commit 7212961849)
2020-03-03 16:17:34 +11:00
Mark Andrews
43ff3b3ad5 Always call zone_settimer()
zone_needdump() could potentially not call zone_settimer() so
explitly call zone_settimer() as zone->resigntime could have
gone backward.

(cherry picked from commit 5ec57f31b0)
2020-03-03 16:17:30 +11:00
Mark Andrews
bfef5ce9bc Call set_resigntime() in receive_secure_serial()
With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.

(cherry picked from commit 5d1611afdc)
2020-03-03 16:16:38 +11:00
Ondřej Surý
5edc8b5338 Use standard PKCS#11 standard error codes instead of custom error codes
* CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned by
  `C_Initialize`. It means that the Cryptoki library has already been
  initialized (by a previous call to `C_Initialize` which did not have a
  matching `C_Finalize` call).

* CKR_FUNCTION_NOT_SUPPORTED: The requested function is not supported by this
  Cryptoki library. Even unsupported functions in the Cryptoki API should have a
  "stub" in the library; this stub should simply return the value
  CKR_FUNCTION_NOT_SUPPORTED.

* CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load a dependent
  shared library.

(cherry picked from commit f6922d6e78)
2020-03-02 11:01:05 +01:00
Ondřej Surý
4b9cdbaf7e Replace the OASIS PKCS#11 header file with one from p11-kit
The OASIS pkcs11.h header has a restrictive license.  Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.

For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.

(cherry picked from commit c47fad2431)
2020-03-02 10:43:45 +01:00
Mark Andrews
317e0cf4c9 sort RRSIG(SOA) to be last of RRSIGs with a common re-resign time
(cherry picked from commit a24fd55836)
2020-02-28 10:13:57 +11:00
Mark Andrews
51f3d3781e use the full sig-validity-interval for RRSIG(SOA)
(cherry picked from commit 660dc3eba7)
2020-02-28 10:10:26 +11:00
Evan Hunt
191b616579 fix additional spelling errors 2020-02-24 22:04:43 -08:00
Evan Hunt
e63223332c fix spelling errors reported by Fossies. 2020-02-21 14:09:59 -08:00
Mark Andrews
4ecf3b8961 fixup! Fix code to generate the test signatues. 2020-02-21 18:10:44 +11:00
Mark Andrews
22422a2f5d Fix code to generate the test signatues.
* ctx needs to be destroyed before it is regenerated.
* emit the name of the signature to be replaced.
* cleanup memory before asserting so post longjump doesn't detect a
  memory leak.
* comment code.

(cherry picked from commit 3a8c8a2a31)
2020-02-21 17:45:47 +11:00
Tinderbox User
aa55ef6c43 prep 9.11.16 2020-02-12 15:37:33 +00:00
Ondřej Surý
f71a8d1120 Convert all atomic operations in isc_rwlock to sequentially-consistent ordering
The memory ordering in the rwlock was all wrong, I am copying excerpts
from the https://en.cppreference.com/w/c/atomic/memory_order#Relaxed_ordering
for the convenience of the reader:

  Relaxed ordering

  Atomic operations tagged memory_order_relaxed are not synchronization
  operations; they do not impose an order among concurrent memory
  accesses. They only guarantee atomicity and modification order
  consistency.

  Sequentially-consistent ordering

  Atomic operations tagged memory_order_seq_cst not only order memory
  the same way as release/acquire ordering (everything that
  happened-before a store in one thread becomes a visible side effect in
  the thread that did a load), but also establish a single total
  modification order of all atomic operations that are so tagged.

Which basically means that we had no or weak synchronization between
threads using the same variables in the rwlock structure.  There should
not be a significant performance drop because the critical sections were
already protected by:

  while(1) {
    if (relaxed_atomic_operation) {
      break;
    }
    LOCK(lock);
    if (!relaxed_atomic_operation) {
      WAIT(sem, lock);
    }
    UNLOCK(lock)l
  }

I would add one more thing to "Don't do your own crypto, folks.":

  - Also don't do your own locking, folks.

As part of this commit, I have also cleaned up the #ifdef spaghetti,
and fixed the isc_atomic API usage.
2020-02-11 21:20:14 +01:00
Ondřej Surý
542517b194 Make isc_rwlock.c thread-safe
The ThreadSanitizer found several possible data races in our rwlock
implementation.  This commit convert .spins and .write_granted fields
to atomic.

(cherry picked from commit 1da0994ea4)
2020-02-11 20:05:51 +01:00
Mark Andrews
8d0b59a5f5 Silence Coverity FORWARD_NULL warning
CID 1458400 (#1 of 1): Dereference after null check
	(FORWARD_NULL) 14. var_deref_model: Passing null pointer
	nxt->typebits to mem_tobuffer, which dereferences it. [show
	details]

219        return (mem_tobuffer(target, nxt->typebits, nxt->len));
2020-02-11 13:02:08 +00:00
Ondřej Surý
cb2dde567c Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional.  This commit just cleans the related code.

(cherry picked from commit a5c87d9d18)
2020-02-11 10:42:33 +01:00
Ondřej Surý
699bda8de7 Clean the ENTER/EXIT/NOTICE debugging from production code
(cherry picked from commit 5b448996e5)
2020-02-08 11:46:37 -08:00
Ondřej Surý
f2c5bdda21 Refactor parts of isc_httpd and isc_httpd for better readability and safety
(cherry picked from commit 9643a62dd5)
2020-02-08 11:46:37 -08:00
Mark Andrews
e5522d114b add ISC_MAGIC and reference counting to httpd and httpdmgr
(cherry picked from commit 7c3f419d66)
2020-02-08 11:37:25 -08:00
Matthijs Mekking
ea477e114b mem.c: delay assignment until after REQUIRE 2020-02-08 06:32:42 -08:00
Matthijs Mekking
c8959c0e3a Check for basic blocks not NULL 2020-02-08 06:32:42 -08:00
Matthijs Mekking
4af46a8574 rdata: delay assignment until after REQUIRE 2020-02-08 06:32:42 -08:00
Matthijs Mekking
86184dfb68 Suppress cppcheck false positive nullPointerRedundantCheck 2020-02-08 06:32:42 -08:00
Mark Andrews
39cb4dc6c9 delay assignment until after REQUIRE
(cherry picked from commit c65c06301c)
2020-02-08 06:32:42 -08:00
Mark Andrews
12cda20aa2 simplify ISC_LIKELY/ISC_UNLIKELY for CPPCHECK
(cherry picked from commit 6c2e138d7a)
2020-02-08 06:32:42 -08:00
Mark Andrews
26caad3c12 simplify RUNTIME_CHECK for cppcheck
(cherry picked from commit 668a972d1e)
2020-02-08 06:32:42 -08:00
Mark Andrews
2543bfe0d2 Fix indenting.
(cherry picked from commit 98d5109e82)
2020-02-07 21:43:57 +11:00
Michal Nowak
0e284831ce Windows: Prevent tools from clashing with named in system tests
In system tests on Windows tool's local port can sometimes clash with
'named'. On Unix the system is poked for the minimal local port,
otherwise is set to 32768 as a sane minimum. For Windows we don't
poke but set a hardcoded limit; this change aligns the limit with
Unix and changes it to 32768.

(cherry picked from commit ed7fe5fae3b22d136f0a5a92ea3b67536b10a5ce)
2020-02-05 11:07:33 +00:00
Evan Hunt
edee4f93c5 Correctly handle catalog zone entries containing slashes
- Add quotes before and after zone name when generating "addzone"
  input so avoid "unexpected token" errors.
- Use a hex digest for zone filenames when the zone or view name
  contains a slash.
- Test with a domain name containing a slash.
- Incidentally added 'catzhash.py' to contrib/scripts to generate
  hash labels for catalog zones, as it was needed to write the test.

(cherry picked from commit dba0163dac)
2020-02-03 19:23:37 -08:00
Mark Andrews
f72c0b9257 style
(cherry picked from commit 279f6b01de)
2020-01-31 11:33:27 +11:00
Mark Andrews
1da7fef048 use anonomous constants
(cherry picked from commit 02c2fc5ad3)
2020-01-31 11:33:27 +11:00
Mark Andrews
3732485b61 use enum
(cherry picked from commit 7c0d9dac9f)
2020-01-31 11:33:27 +11:00
Mark Andrews
1c2b1add66 return the correct error code for the type being checked
(cherry picked from commit a09c464a20)
2020-01-31 11:33:27 +11:00