This bug was masked in the tests because the `catz` test script did an
`rndc addzone` before an `rndc delzone`. The `addzone` autovivified
the NZF config, so `delzone` worked OK.
This commit swaps the order of two sections of the `catz` test script
so that it uses `delzone` before `addzone`, which provokes a crash
when `delzone` requires a non-NULL NZF config.
To fix the crash, we now try to remove the zone from the NZF config
only if it was dynamically added but not by a catalog zone.
The following report suggests that the 'size' parameter in the two
calls to 'isc_mem_get()' should be set to the
'count * sizeof(*tlsnames)' and 'count * sizeof(*keynames)'
respectively.
/lib/dns/remote.c: 117 in dns_remote_init()
111 }
112 } else {
113 remote->keynames = NULL;
114 }
115
116 if (tlsnames != NULL) {
>>> CID 432259: (SIZEOF_MISMATCH)
>>> Passing argument "count * 8UL /* sizeof (tlsnames) */" to
>>> function "isc__mem_get" and then casting the return value to
>>> "dns_name_t **" is suspicious. In this particular case
>>> "sizeof (dns_name_t **)" happens to be equal to
>>> "sizeof (dns_name_t *)", but this is not a portable assumption.
117 remote->tlsnames = isc_mem_get(mctx, count * sizeof(tlsnames));
118 for (i = 0; i < count; i++) {
119 remote->tlsnames[i] = NULL;
120 }
121 for (i = 0; i < count; i++) {
122 if (tlsnames[i] != NULL) {
/lib/dns/remote.c: 99 in dns_remote_init()
93 memmove(remote->dscps, dscp, count * sizeof(isc_dscp_t));
94 } else {
95 remote->dscps = NULL;
96 }
97
98 if (keynames != NULL) {
>>> CID 432259: (SIZEOF_MISMATCH)
>>> Passing argument "count * 8UL /* sizeof (keynames) */" to
>>> function "isc__mem_get" and then casting the return value to
>>> "dns_name_t **" is suspicious. In this particular case
>>> "sizeof (dns_name_t **)" happens to be equal to "sizeof
>>> (dns_name_t *)", but this is not a portable assumption.
99 remote->keynames = isc_mem_get(mctx, count * sizeof(keynames));
100 for (i = 0; i < count; i++) {
101 remote->keynames[i] = NULL;
102 }
103 for (i = 0; i < count; i++) {
104 if (keynames[i] != NULL) {
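The size mismatch in the report above, as an added example that is not BIND 9 code: name_t is a hypothetical stand-in for dns_name_t, and copy_names() uses plain malloc() rather than isc_mem_get(). It goes one step beyond the report by applying the same slip to an array of structs, where the request comes out too small.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for dns_name_t; only its size matters here. */
typedef struct name {
	unsigned char ndata[32];
	unsigned int length;
} name_t;

/* Pointer array, sized as in the flagged lines: sizeof the pointer variable. */
static size_t flagged_size(name_t **names, size_t count) {
	return count * sizeof(names);
}

/* Pointer array, sized as the report suggests: sizeof one element. */
static size_t suggested_size(name_t **names, size_t count) {
	return count * sizeof(*names);
}

/* The same slip on an array of structs requests too few bytes. */
static size_t flagged_size_structs(name_t *names, size_t count) {
	return count * sizeof(names);
}
static size_t suggested_size_structs(name_t *names, size_t count) {
	return count * sizeof(*names);
}

/* Copy a pointer array, sizing by element and rejecting size_t overflow. */
static name_t **copy_names(name_t **src, size_t count) {
	name_t **dst;
	if (count == 0 || count > SIZE_MAX / sizeof(*dst)) {
		return NULL;
	}
	dst = malloc(count * sizeof(*dst));
	if (dst != NULL) {
		memcpy(dst, src, count * sizeof(*dst));
	}
	return dst;
}

int main(void) {
	name_t a = { {0}, 0 };
	name_t *arr[1] = { &a };
	printf("pointers: %zu vs %zu\n", flagged_size(arr, 1), suggested_size(arr, 1));
	printf("structs:  %zu vs %zu\n", flagged_size_structs(&a, 1), suggested_size_structs(&a, 1));
	free(copy_names(arr, 1));
	return 0;
}
```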
When shutting down, the cleanup path should not try to destroy
'newnodes', because it is NULL at that point.
Introduce another label for the "shuttingdown" scenario.
The clean_namehooks() function doesn't hold the 'adb->entries_lock'
lock, so calling maybe_expire_entry() is not thread-safe.
Instead of adding a lock/unlock, leave the expiration to later,
e.g. by the get_attached_and_locked_entry() function.
Also fix a couple of comment typos.
This commit replaces ad-hoc code for send requests buffer management
within TLS with the one based on isc_buffer_t.
The previous version of the code was trying to use pre-allocated small
buffers to avoid extra allocations. The code would allocate a larger
dynamic buffer when needed. There is no need to have ad-hoc code for
this, as isc_buffer_t now provides this functionality internally.
Additionally to the above, the old version of the code lacked any
logic to reuse the dynamically allocated buffers. Now, as we do not
manage memory buffers, but isc_buffer_t objects, we can implement this
strategy. It can be in particular helpful for longer lasting
connections, as in this case the buffer will adjust itself to the size
of the messages being transferred. That is, it is in particular useful
for XoT, as Stream DNS happens to order send requests in such a way
that the send request will get reused.
Remove parsing the configuration options 'alt-transfer-source',
'alt-transfer-source-v6', and 'use-alt-transfer-source', and remove
the corresponding code that implements the feature.
Use the configured 'source' and 'source-v6' when initiating a zone
transfer, sending a notify, or when checking for the DS. Remove the
special code for using alternate transfer sources.
Update some system tests to use the new configuration and make sure
the tests still work.
Add a new way to configure the preferred source address when talking to
remote servers such as primaries and parental-agents. This will
eventually deprecate options such as 'parental-source',
'parental-source-v6', 'transfer-source', etc.
Example of the new configuration:
    parental-agents "parents" port 5353 \
        source 10.10.10.10 port 5354 dscp 54 \
        source-v6 2001:db8::10 port 5355 dscp 55 {
            10.10.10.11;
            2001:db8::11;
    };
The dns_remote_t structure is intended to replace the variables in
the structure that deals with remote server communication to primaries,
parental agents, forwarders, etc.
Ensure that no .gitignore file in the tree contains patterns matching
files tracked by Git by adding a simple script that detects such
situations and running that script as part of the "misc" job in the
"precheck" stage of every GitLab CI pipeline.
The Makefile used to be autogenerated prior to
67f76b1269 which is the reason why the
.gitignore existed in the first place. Since then, a static Makefile is
used and is supposed to be tracked in the git repo.
The pre-defined test cases use named.$TESTCASE.conf naming convention,
where TESTCASE is a human readable name containing actual word(s). The
autogenerated test cases' names always start with a number from 1 to 6.
bin/tests/system/rrsetorder/dig.out* files match a gitignore expression
present in bin/tests/system/.gitignore. Since these are meant to be
reference files that are compared to the files generated when the
"rrsetorder" system test is run, rename them to avoid listing tracked
files in .gitignore files.
Normally, when a 'resquery_t' object is created in fctx_query(),
we call dns_adb_beginudpfetch() (which increases the ADB quota)
only if it's a UDP query. Then, in fctx_cancelquery(), we call
dns_adb_endudpfetch() to decrease back the ADB quota, again only
if it's a UDP query.
The problem is that a UDP query can become a TCP query, preventing
the quota from adjusting back in fctx_cancelquery() later.
Call dns_adb_beginudpfetch() also when switching the query type
from UDP to TCP.
Rename isc_tlsctx_cache_new() to isc_tlsctx_cache_create(), tlsctx_client_session_cache_new() to tlsctx_client_session_create()
Closes #3748
See merge request isc-projects/bind9!7269
Additionally to renaming, it changes the function definition so that
it accepts a pointer to pointer instead of returning a pointer to the
new object.
It is mostly done to make it in line with other functions in the
module.