Commit Graph

35036 Commits

Author SHA1 Message Date
Mark Andrews
3cd0c32b0a Move the mapping of SIG and RRSIG to ANY
dns_db_findext() asserts if RRSIG is passed to it and
query_lookup_stale() failed to map RRSIG to ANY to prevent this.  To
avoid cases like this in the future, move the mapping of SIG and RRSIG
to ANY for qctx->type to qctx_init().

(cherry picked from commit 56eae06418)
2023-01-12 12:33:28 +01:00
Michał Kępień
82185f4f80 Merge branch '3523-confidential-update-quota-v9_16' into 'security-v9_16'
[9.16] [CVE-2022-3094] apply quotas to updates

See merge request isc-private/bind9!491
2023-01-12 11:22:23 +00:00
Evan Hunt
9fed0e0115 CHANGES and release notes for [GL #3523]
(cherry picked from commit 991de0aa76)
2023-01-12 12:21:36 +01:00
Evan Hunt
8c78511e9a test failure conditions
verify that updates are refused when the client is disallowed by
allow-query, and update forwarding is refused when the client is
is disallowed by update-forwarding.

verify that "too many DNS UPDATEs" appears in the log file when too
many simultaneous updates are processing.

(cherry picked from commit b91339b80e)
2023-01-12 12:21:36 +01:00
Evan Hunt
eb98d96481 move update ACL and update-policy checks before quota
check allow-update, update-policy, and allow-update-forwarding before
consuming quota slots, so that unauthorized clients can't fill the
quota.

(this moves the access check before the prerequisite check, which
violates the precise wording of RFC 2136. however, RFC co-author Paul
Vixie has stated that the RFC is mistaken on this point; it should have
said that access checking must happen *no later than* the completion of
prerequisite checks, not that it must happen exactly then.)

(cherry picked from commit 964f559edb)
2023-01-12 12:21:36 +01:00
Evan Hunt
7fe2204a2e add a configuration option for the update quota
add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a730)
2023-01-12 12:21:36 +01:00
Evan Hunt
35711a29e5 add an update quota
limit the number of simultaneous DNS UPDATE events that can be
processed by adding a quota for update and update forwarding.
this quota currently, arbitrarily, defaults to 100.

also add a statistics counter to record when the update quota
has been exceeded.

(cherry picked from commit 7c47254a14)
2023-01-12 12:21:36 +01:00
Ondřej Surý
afc49c62e0 Merge branch '3744-catz-small-update-to-large-catz-causes-cpu-spike' into 'v9_16'
[9.16] Increase catalog zone entries hash table's bits size

See merge request isc-projects/bind9!7357
2023-01-11 18:06:11 +00:00
Aram Sargsyan
60dece8277 Increase catalog zone entries hash table's bits size
The hash table implementation in the current branch does not
support automatic resize operation, so the initial value of
the table should be chosen carefully.

Catalog zones entries hash table's size is currently only 4 bits,
which is very low for a catalog zone with thousands of entries,
and causes CPU consumption spikes when working with the hash
table to add/delete/search entries.

Use 16 bits instead, which should make working with big catalog
zones much faster at the expense of slightly higher memory usage,
i.e. 512 KiB for a 64-bit system for each catalog zone.
2023-01-11 17:26:26 +00:00
Arаm Sаrgsyаn
5823dacba8 Merge branch 'aram/dns_fwdtable_addfwd-cleanup-bugfix-v9_16' into 'v9_16'
[9.16] Fix dns_fwdtable_addfwd() error path cleanup bug

See merge request isc-projects/bind9!7353
2023-01-11 14:15:20 +00:00
Aram Sargsyan
144135415b Use sizeof(*ptr) for allocating/freeing memory in forward.c
As shown in the previous commit, using sizeof(type_t) is a little
bit more error-prone when copy-pasting code, so extracting the
size information from the pointer which is being dealt with seems
like a better alternative.

(cherry picked from commit cf4003fa58)
2023-01-11 13:42:00 +00:00
Aram Sargsyan
1950629ffa Fix dns_fwdtable_addfwd() error path cleanup bug
Free 'sizeof(dns_forwarder_t)' bytes of memory instead of
'sizeof(dns_sockaddr_t)' bytes, because `fwd` is a pointer
to a 'dns_forwarder_t' type structure.

(cherry picked from commit 0cc1b06d98)
2023-01-11 13:42:00 +00:00
Arаm Sаrgsyаn
56281e968d Merge branch '3768-dns_zonemgr-use-after-free-v9_16' into 'v9_16'
[9.16] Fix a use-after-free bug in dns_zonemgr_releasezone()

See merge request isc-projects/bind9!7352
2023-01-11 13:01:40 +00:00
Aram Sargsyan
1cab382d17 Add a CHANGES note for [GL #3768]
(cherry picked from commit d50cb1d45d)
2023-01-11 12:17:38 +00:00
Aram Sargsyan
272afcd999 Fix a use-after-free bug in dns_zonemgr_releasezone()
The dns_zonemgr_releasezone() function makes a decision to destroy
'zmgr' (based on its references count, after decreasing it) inside
a lock, and then destroys the object outside of the lock.

This causes a race with dns_zonemgr_detach(), which could destroy
the object in the meantime.

Change dns_zonemgr_releasezone() to detach from 'zmgr' and destroy
the object (if needed) using dns_zonemgr_detach(), outside of the
lock.

(cherry picked from commit c1fc212253)
2023-01-11 12:17:27 +00:00
Evan Hunt
f57d21c01a Merge branch '3773-remove-dscp-v9_16' into 'v9_16'
[9.16] deprecate dscp configuration

See merge request isc-projects/bind9!7337
2023-01-10 19:46:39 +00:00
Evan Hunt
288e7332ed CHANGES and release note for [GL #3773] 2023-01-10 11:16:18 -08:00
Matthijs Mekking
0656395f25 Test deprecate dscp configuration
Add 'dscp' token and 'option' to deprecated.conf. It should trigger warnings
(except when deprecation warnings are being ignored).
2023-01-10 11:16:18 -08:00
Evan Hunt
0b40df8f8a deprecate dscp configuration
This commit deprecates the "dscp" configuration option and "dscp"
parameters to source-address configuration options (query-source,
transfer-source, etc.

(Note that the DSCP feature has not been fully operational since
the network manager was introduced in 9.16.0; outgoing DSCP values
can be configured, but incoming DSCP values are not detected.)
2023-01-10 11:16:18 -08:00
Michal Nowak
e929b3b54a Merge branch 'mnowak/abort-on-ubsan-errors-v9_16' into 'v9_16'
[9.16] Abort on UBSAN errors

See merge request isc-projects/bind9!7328
2023-01-10 10:23:28 +00:00
Michal Nowak
b276e76130 Abort on UBSAN errors
Previously, UBSAN errors might slip undetected.

(cherry picked from commit 1451bb7390)
2023-01-10 10:17:37 +01:00
Mark Andrews
7c51096f8b Merge branch '3787-siphash-c-105-26-runtime-error-applying-zero-offset-to-null-pointer-v9_16' into 'v9_16'
[9.16] Accept 'in=NULL' with 'inlen=0' in isc_{half}siphash24

See merge request isc-projects/bind9!7342

Backport of MR !7339
2023-01-10 08:18:01 +00:00
Mark Andrews
f1c08fe93b Accept 'in=NULL' with 'inlen=0' in isc_{half}siphash24
Arthimetic on NULL pointers is undefined.  Avoid arithmetic operations
when 'in' is NULL and require 'in' to be non-NULL if 'inlen' is not zero.

(cherry picked from commit 349c23dbb7)
2023-01-10 18:36:27 +11:00
Mark Andrews
cc11456017 Merge branch '3788-rbt-c-187-19-runtime-error-applying-zero-offset-to-null-pointer' into 'v9_16'
Resolve "rbt.c:187:19: runtime error: applying zero offset to null pointer"

See merge request isc-projects/bind9!7340
2023-01-10 07:19:39 +00:00
Mark Andrews
2a9300a3bc Don't perform arithmetic on NULL pointers
When node is NULL when calling getparent() et al. they return NULL
but performing arithmetic on the NULL pointer is undefined.  Check
if 'node' or 'header' is NULL and skip the adjustment.
2023-01-10 17:45:51 +11:00
Matthijs Mekking
802f700d5a Merge branch '3678-serve-stale-servfailing-unexpectedly-v9_16' into 'v9_16'
[9.16] Add serve-stale CNAME check with stale-answer-client-timeout off

See merge request isc-projects/bind9!7311
2023-01-09 13:31:24 +00:00
Michał Kępień
ba1306bfb4 Check for NULL before dereferencing qctx->rpz_st
Commit 9ffb4a7ba1 causes Clang Static
Analyzer to flag a potential NULL dereference in query_nxdomain():

    query.c:9394:26: warning: Dereference of null pointer [core.NullDereference]
            if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
                                    ^~~~~~~~~~~~~~~~~~~
    1 warning generated.

The warning above is for qctx->rpz_st potentially being a NULL pointer
when query_nxdomain() is called from query_resume().  This is a false
positive because none of the database lookup result codes currently
causing query_nxdomain() to be called (DNS_R_EMPTYWILD, DNS_R_NXDOMAIN)
can be returned by a database lookup following a recursive resolution
attempt.  Add a NULL check nevertheless in order to future-proof the
code and silence Clang Static Analyzer.

(cherry picked from commit 07592d1315)
(cherry picked from commit a4547a1093)
2023-01-09 13:57:44 +01:00
Aram Sargsyan
36a439b91e Add a CHANGES note for [GL #3678]
(cherry picked from commit 40dee61a1e)
2023-01-09 13:57:44 +01:00
Matthijs Mekking
2696267b1f Consider non-stale data when in serve-stale mode
With 'stale-answer-enable yes;' and 'stale-answer-client-timeout off;',
consider the following situation:

A CNAME record and its target record are in the cache, then the CNAME
record expires, but the target record is still valid.

When a new query for the CNAME record arrives, and the query fails,
the stale record is used, and then the query "restarts" to follow
the CNAME target. The problem is that the query's multiple stale
options (like DNS_DBFIND_STALEOK) are not reset, so 'query_lookup()'
treats the restarted query as a lookup following a failed lookup,
and returns a SERVFAIL answer when there is no stale data found in the
cache, even if there is valid non-stale data there available.

With this change, query_lookup() now considers non-stale data in the
cache in the first place, and returns it if it is available.

(cherry picked from commit 91a1a8efc5)
2023-01-09 13:57:43 +01:00
Aram Sargsyan
869abb768b Add serve-stale CNAME check with stale-answer-client-timeout off
Prime the cache with the following records:

    shortttl.cname.example.	1	IN	CNAME	longttl.target.example.
    longttl.target.example.	600	IN	A	10.53.0.2

Wait for the CNAME record to expire, disable the authoritative server,
and query 'shortttl.cname.example' again, expecting a stale answer.

(cherry picked from commit 537187bf2f)
2023-01-09 13:57:43 +01:00
Tony Finch
d14a22b3d9 Merge branch '3745-delzone-catz-v9_16' into 'v9_16'
[9.16] Don't crash when rndc delzone encounters a catz member

See merge request isc-projects/bind9!7298
2023-01-04 19:32:40 +00:00
Tony Finch
01788b8852 Don't crash when rndc delzone encounters a catz member
Try to remove the zone from the NZF config only if it was
dynamically added but not by a catalog zone.

(cherry picked from commit 9fa20d6f6c)
2023-01-04 18:04:53 +00:00
Michał Kępień
e255032a67 Merge branch 'michal/update-copyright-year-to-2023-v9_16' into 'v9_16'
[9.16] Update copyright year to 2023

See merge request isc-projects/bind9!7284
2023-01-02 13:30:04 +00:00
Michał Kępień
f7bd3bd2b6 Update copyright year to 2023
(cherry picked from commit 1a5d707f52)
2023-01-02 14:24:23 +01:00
Tom Krizek
9d18a5b496 Merge branch 'tkrizek/default-alg-9.16-fixes' into 'v9_16'
[9.16] Skip test algorithm randomization in certain cases

See merge request isc-projects/bind9!7268
2022-12-23 12:07:38 +00:00
Tom Krizek
28b6171424 Don't check algorithm support during configure step
The 9.16 version of ./configure calls bin/tests/system/cleanall.sh
unless --without-make-clean is used. The cleanall.sh script then
includes bin/tests/system/conf.sh, which includes
bin/tests/system/conf.sh.common. At that point, dnssec-keygen which is
used to detect algorithm support isn't compiled, so it can't be used.

More importantly, algorithm selection for system tests during the
./configure phase is irrelevant, so it can be safely skipped.
2022-12-23 12:37:48 +01:00
Tom Krizek
6950dfe003 Disable test algorithm randomization if Python is missing
This change is motivated by the fact that our Windows CI image doesn't
have a Python interpreter.
2022-12-23 12:37:46 +01:00
Tom Krizek
9e895462d1 Merge branch 'tkrizek/dangerfile-backport-tweaks-v9_16' into 'v9_16'
[9.16] danger CI: tweak backport check and add Affects label check

See merge request isc-projects/bind9!7271
2022-12-23 08:58:39 +00:00
Tom Krizek
122c3f00e9 danger: check the Affects labels are set
Unless the MR is a backport, the Affects labels should be used to
indicate which versions are affected by the issue that prompted the MR.

(cherry picked from commit 64d71a1f5f)
2022-12-23 09:53:34 +01:00
Tom Krizek
413e94f2ca danger: check version in MR title
Enforce the version indicator to be at the start of the MR title.

(cherry picked from commit d1172e011c)
2022-12-23 09:53:31 +01:00
Tom Krizek
fe08c7aa81 Merge branch 'tkrizek/default-alg-fixups-v9_16' into 'v9_16'
[9.16] Fix minor issues with DEFAULT_ALGORITHM selection in system tests

See merge request isc-projects/bind9!7267
2022-12-22 15:20:38 +00:00
Tom Krizek
527c69e2c9 Make Perl interpreter required for system tests
This change has no practical impact, as Perl was already required for
all system tests, this check only makes it more explicit.

(cherry picked from commit 084d72d1d5)

conf.sh.win32 was modified in addition of the mentioned commit.
2022-12-22 15:54:19 +01:00
Tom Krizek
2b93b47c32 Ensure test interpreters are defined before common config
Nothing from conf.sh.common is required to set these values. On the
contrary, a Python interpreter needs to be set in order to randomize the
algorithm set (which happens in conf.sh.common).

(cherry picked from commit 492992dca8)

conf.sh.win32 was modified in addition of the above mentioned commit.
2022-12-22 15:54:19 +01:00
Tom Krizek
4b32c5608a Force quiet mode when using testcrypto.sh directly
When testcrypto.sh is used as a standalone script, always use quiet mode
to avoid using undefined commands (such as echo_i) which require
inclusion of the entire conf.sh machinery.

(cherry picked from commit ba35a6df9c)
2022-12-22 15:54:17 +01:00
Tom Krizek
d9471c5f3c Merge branch '3503-random-default-algorithm-in-tests2-v9_16' into 'v9_16'
[9.16] Random selection of DEFAULT_ALGORITHM in system tests at runtime

See merge request isc-projects/bind9!7265
2022-12-22 14:54:01 +00:00
Tom Krizek
0eb789efba ci: disable algorithm support checking in softhsm
The algorithm support detection script doesn't seem to work when using
the SoftHSM module. For some reason, dnssec-keygen returns 'crypto
failure'. Since the tests themselves pass, this is likely to be some
bug/definiency in the test scripts that check algorithm support that get
confused by SoftHSM.

Since this issue only happens for the system:gcc:softhsm2.6 job in the
9.16 branch, use a workaround to not introduce this new feature for
this particular problematic job.
2022-12-22 15:17:41 +01:00
Tom Krizek
7324a7b5e4 Randomize algorithm selection for mkeys test
Use the ALGORITHM_SET option to use randomly selected default algorithm
in this test. Make sure the test works by using variables instead of
hard-coding values.

(cherry picked from commit f65f276f98)
2022-12-22 15:17:41 +01:00
Tom Krizek
aa5453f5e5 Set algorithms for system tests at runtime
Use the get_algorithms.py script to detect supported algorithms and
select random algorithms to use for the tests.

Make sure to load common.conf.sh after KEYGEN env var is exported.

(cherry picked from commit 69b608ee9f)
2022-12-22 15:17:41 +01:00
Tom Krizek
34497e2350 Script for random algorithm selection in system tests
Multiple algorithm sets can be defined in this script. These can be
selected via the ALGORITHM_SET environment variable. For compatibility
reasons, "stable" set contains the currently used algorithms, since our
system tests need some changes before being compatible with randomly
selected algorithms.

The script operation is similar to the get_ports.py - environment
variables are created and then printed out as `export NAME=VALUE`
commands, to be interpreted by shell. Once we support pytest runner for
system tests, this should be a fixture instead.

(cherry picked from commit 5f480c8485)
2022-12-22 15:17:41 +01:00
Tom Krizek
d45aa7581e Export env variables in system tests
Certain variables have to be exported in order for the system tests to
work. It makes little sense to export the variables in one place/script
while they're defined in another place.

Since it makes no harm, export all the variables to make the behaviour
more predictable and consistent. Previously, some variables were
exported as environment variables, while others were just shell
variables which could be used once the configuration was sourced from
another script. However, they wouldn't be exposed to spawned processes.

For simplicity sake (and for the upcoming effort to run system tests
with pytest), export all variables that are used. TESTS, PARALLEL_UNIX
and SUBDIRS variables are automake-specific, aren't used anywhere else
and thus not exported.

(cherry picked from commit 37d14c69c0)

conf.sh.win32 was modified in addition of the above mentioned commit.
2022-12-22 15:17:41 +01:00