ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
36,912 Commits 589 Branches 805 Tags
856c0e78a9041b9c532b56de9ad01acdc50bd140
Commit Graph

36912 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthijs Mekking
856c0e78a9 Test checkconf NSEC3 and incompatible algorithm 
The check code for this already exists, but was untested.
 2022-08-19 17:00:10 +02:00
Arаm Sаrgsyаn
a308418d4a Merge branch '3463-httpd.c-non-empty-post-requests-bugfix' into 'main' 
Fix statistics channel multiple request processing with non-empty HTTP bodies

Closes #3463

See merge request isc-projects/bind9!6597
 2022-08-19 08:32:41 +00:00
Aram Sargsyan
dc9b0ea6a6 Add pipelined POST requests check in the statschannel system test 
Use `nc` to check that multiple POST requests with non-empty HTTP
body are serviced normally by the statistics channel.
 2022-08-19 08:11:44 +00:00
Aram Sargsyan
3e28d364f6 Replace expr commands with $((expression)) shell constucts 
Update the "statschannel" system test to use the $((expression))
shell constucts instead of executing the `expr` program.
 2022-08-19 08:11:44 +00:00
Aram Sargsyan
9885306d9a Add CHANGES not for [GL #3463] 2022-08-19 08:11:42 +00:00
Aram Sargsyan
8c4cdd9b21 Fix statistics channel multiple request processing with non-empty bodies 
When the HTTP request has a body part after the HTTP headers, it is
not getting processed and is being prepended to the next request's data,
which results in an error when trying to parse it.

Improve the httpd.c:process_request() function with the following
additions:

1. Require that HTTP POST requests must have Content-Length header.
2. When Content-Length header is set, extract its value, and make sure
   that it is valid and that the whole request's body is received before
   processing the request.
3. Discard the request's body by consuming Content-Length worth of data
   in the buffer.
 2022-08-19 08:10:54 +00:00
Aram Sargsyan
86b8e62106 Enhance the have_header() function to find the HTTP header's value 
Add a new `const char **fvalue` parameter to the httpd.c:have_header()
function which, when set, will point to the found header's value.
 2022-08-19 08:10:54 +00:00
Mark Andrews
1c19a6aae8 Merge branch 'bug/main/delv-cfg_parser_reset' into 'main' 
Reset bind.keys parser after error on file

See merge request isc-projects/bind9!6468
 2022-08-19 05:15:14 +00:00
Mark Andrews
dc8fcbf013 Add CHANGES entry for [GL !6468] 2022-08-19 14:55:26 +10:00
Petr Menšík
65d7427b17 Reset parser before parsing of internal trust anchor 
It might be reused if /etc/bind.keys exists, but failed correct parsing.
Release traces of previous parsing attempt of different data.
 2022-08-19 14:36:47 +10:00
Mark Andrews
866664d79c Merge branch '3499-duration-c-66-6-warning-array-subscript-is-of-type-char-on-netbsd-9' into 'main' 
Resolve "duration.c:66:6: warning: array subscript is of type 'char' on NetBSD 9"

Closes #3499

See merge request isc-projects/bind9!6685
 2022-08-19 02:28:45 +00:00
Mark Andrews
ea13820023 Silence negative array index warning with toupper 
Cast to (unsigned char).
 2022-08-19 11:16:00 +10:00
Michal Nowak
ee72d4f2f0 Merge branch 'mnowak/freebsd-13.1' into 'main' 
Add FreeBSD 13.1

See merge request isc-projects/bind9!6656
 2022-08-18 15:28:21 +00:00
Michal Nowak
cfee4ce4f6 Add FreeBSD 13.1 2022-08-18 17:11:14 +02:00
Artem Boldariev
0c8dee7ec3 Merge branch 'artem-dig-http-plain-get-post-support-fix' into 'main' 
DIG: fix handling of +http-plain-get and +http-plain-post options

See merge request isc-projects/bind9!6672
 2022-08-18 11:22:25 +00:00
Artem Boldariev
26a66d095c Modify CHANGES (+http-plain-{get, post} support fix in dig) 
This commit modifies the CHANGES file to mention that +http-plain-get
and +http-plain-post options support in dig was fixed.
 2022-08-18 13:43:00 +03:00
Artem Boldariev
0c6b1f8e8f Modify the doth system test to verify HTTP method usage 
Before the commit some checks in the system test would try to verify
that different HTTP methods can be used and are functional. However,
until recently, it was not possible to tell from the output which
method was in fact used, so it turned out that +http-plain-get option
is broken.

This commit add the additional checks to prevent that from happening
in the future.
 2022-08-18 13:34:22 +03:00
Artem Boldariev
bd29705a9f DIG: mark HTTP GET method in output 
This commit makes dig mark the usage of HTTP(S) GET protocol usage in
its output.
 2022-08-18 13:34:22 +03:00
Artem Boldariev
b2f2fed65b DIG: fix handling of +http-plain-{get, post} options 
Support for parsing +http-plain-get and +http-plain-post options was
broken. This commit fixes that.
 2022-08-18 13:34:21 +03:00
Michal Nowak
ffcee7c5b7 Merge tag 'v9_19_4' 
BIND 9.19.4
 2022-08-18 11:29:56 +02:00
Arаm Sаrgsyаn
7b7a052378 Merge branch '3491-placeholder' into 'main' 
Add placeholder for [GL #3491]

See merge request isc-projects/bind9!6679
 2022-08-18 09:12:34 +00:00
Aram Sargsyan
809dd3298c Add placeholder for [GL #3491] 2022-08-18 09:07:52 +00:00
Mark Andrews
c64fe6e3ae Merge branch '3494-dnssec-awk-test-is-not-precise-enough' into 'main' 
Resolve "DNSSEC awk test is not precise enough"

Closes #3494

See merge request isc-projects/bind9!6668
 2022-08-18 03:41:17 +00:00
Mark Andrews
8fe2876297 Improve awk tests to prevent false negatives 
The old code could incorrectly match "INSOA" in the RRSIG rdata
when looking for the SOA record.
 2022-08-18 02:56:57 +00:00
Michal Nowak
786552e890 Merge branch 'mnowak/coverity-scan-2022.06' into 'main' 
Use Coverity Scan 2022.06

See merge request isc-projects/bind9!6670
 2022-08-17 13:55:20 +00:00
Michal Nowak
fd74334bc0 Use Coverity Scan 2022.06 2022-08-17 10:34:14 +02:00
Michal Nowak
bac62ab62a Merge branch 'mnowak/openbsd-7.1' into 'main' 
Add OpenBSD 7.1

See merge request isc-projects/bind9!6663
 2022-08-16 15:01:20 +00:00
Michal Nowak
593bed4ed0 Add OpenBSD 7.1 2022-08-16 16:30:00 +02:00
Arаm Sаrgsyаn
924be16b88 Merge branch '3489-cid-355779-dynbuf-cannot-be-null' into 'main' 
Fix CID 355779: dynbuf cannot be NULL

Closes #3489

See merge request isc-projects/bind9!6652
 2022-08-16 08:15:35 +00:00
Aram Sargsyan
2e01162258 Refactor tkey.c:buildquery() error handling 
After an earlier code cleanup, `dns_rdatalist_tordataset()` always
succeeds, so the `RETERR` error handling macro below the function
call was removed. After that change the `dynbuf` variable can never
be `NULL` in the error handling code path under the `failure` label.

    *** CID 355779:  Null pointer dereferences  (REVERSE_INULL)
    /lib/dns/tkey.c: 997 in buildquery()
    991                 dns_message_puttempname(msg, &aname);
    992         }
    993         if (question != NULL) {
    994                 dns_rdataset_disassociate(question);
    995                 dns_message_puttemprdataset(msg, &question);
    996         }
    >>>     CID 355779:  Null pointer dereferences  (REVERSE_INULL)
    >>>     Null-checking "dynbuf" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    997         if (dynbuf != NULL) {
    998                 isc_buffer_free(&dynbuf);
    999         }
    1000        return (result);
    1001     }
    1002

Refactor the `buildquery()` function to simplify its error handling.
 2022-08-16 07:36:12 +00:00
Arаm Sаrgsyаn
5604d942fb Merge branch '3492-fix-tkey.c-buildquery-cleanup' into 'main' 
Fix tkey.c:buildquery() function's error handling

Closes #3492

See merge request isc-projects/bind9!6661
 2022-08-16 07:15:09 +00:00
Aram Sargsyan
144fcc387a Add CHANGES note for [GL #3492] 2022-08-15 11:45:18 +00:00
Aram Sargsyan
d38931f397 Fix tkey.c:buildquery() function's error handling 
Add the missing cleanup code.
 2022-08-15 11:44:53 +00:00
Matthijs Mekking
cf7efbb3dd Merge branch '3381-dnssec-policy-explicit-inline-signing' into 'main' 
dnssec-policy now requires inline-signing

Closes #3385

See merge request isc-projects/bind9!6403
 2022-08-15 10:20:49 +00:00
Matthijs Mekking
fece593403 Add change and release note for #3381 
Because folks want to know.
 2022-08-15 11:44:20 +02:00
Matthijs Mekking
d447b1b58c Remove implicit inline-signing code 
Remove the code that sets implicit inline-signing on zones using
dnssec-policy.
 2022-08-15 11:44:20 +02:00
Matthijs Mekking
d62439e2ec Update system tests 
Update checkconf and kasp related system tests after requiring
inline-signing.
 2022-08-15 11:44:20 +02:00
Matthijs Mekking
fa1d24c03a dnssec-policy now requires inline-signing 
Having implicit inline-signing set for dnssec-policy when there is no
update policy is confusing, so lets make this explicit.
 2022-08-15 10:05:39 +02:00
Mark Andrews
505d8fa1ee Merge branch 'marka-placeholder' into 'main' 
Add placeholders for [GL #3487]

See merge request isc-projects/bind9!6659
 2022-08-15 00:30:47 +00:00
Mark Andrews
4906beef98 Add placeholders for [GL #3487] 2022-08-15 10:26:27 +10:00
Evan Hunt
1f8cba67e3 Merge branch '3488-prevent-adb-dump-race' into 'main' 
Lock the address entry bucket when dumping ADB namehook

Closes #3488, #3424, and #3425

See merge request isc-projects/bind9!6655
 2022-08-12 22:20:01 +00:00
Evan Hunt
e79be4bd8a Lock the address entry bucket when dumping ADB namehook 
When dumping an ADB address entry associated with a name,
the name bucket lock was held, but the entry bucket lock was
not; this could cause data races when other threads were updating
address entry info. (These races are probably not operationally
harmful, but they triggered TSAN error reports.)
 2022-08-12 14:47:50 -07:00
Michal Nowak
86c0241376 Merge branch '3348-move-pkcs11-interface-test-to-debian' into 'main' 
Move OpenSSL-based PKCS#11 interface job to Debian "bullseye"

Closes #3348

See merge request isc-projects/bind9!6322
 2022-08-11 18:31:02 +00:00
Michal Nowak
ab6a3f9868 Move OpenSSL-based PKCS#11 interface job to Debian "bullseye" 
Fedora 36 uses OpenSSL 3.0.2 by default, but the OpenSSL engine API
which we use for PKCS#11 is deprecated in OpenSSL 3.0.0. For the
keyfromlabel system test to work operating system with OpenSSL 1.1 needs
to be used.
 2022-08-11 18:07:39 +02:00
Michal Nowak
9aa40a735e Merge branch '3458-reintroduce-without-cmocka-and-without-gssapi' into 'main' 
Configure Ubuntu 18.04 "bionic" without cmocka and GSS-API

Closes #3458

See merge request isc-projects/bind9!6631
 2022-08-11 15:56:50 +00:00
Michal Nowak
c0d997e5c4 Configure Ubuntu 18.04 "bionic" without cmocka and GSS-API 
--without-cmocka and --without-gssapi ./configure options have been lost
when Debian 9 "stretch" was dropped from the CI. This reintroduces them,
albeit to a slightly different platform.
 2022-08-11 14:38:11 +02:00
Michal Nowak
c3777ac51c Merge branch 'mnowak/fix-mkeys-to-work-with-DEFAULT_ALGORITHM-properly' into 'main' 
Fix mkeys to work with DEFAULT_ALGORITHM properly

See merge request isc-projects/bind9!6646
 2022-08-10 12:05:50 +00:00
Mark Andrews
286061fc54 Fix mkeys to work with DEFAULT_ALGORITHM properly 
Stop using a RSASHA1 fixed key in ns3's named.conf as the
trusted key and instead compute a broken digest from the
real digest to use in trusted-keys.
 2022-08-10 12:46:06 +02:00
Evan Hunt
46f095a42a Merge branch '3483-memstat-assertion' into 'main' 
fix overflow error in mem_putstats()

Closes #3483

See merge request isc-projects/bind9!6641
 2022-08-09 18:20:11 +00:00
Evan Hunt
9d9bd3ace2 fix overflow error in mem_putstats() 
an integer overflow could cause an assertion failure when
freeing memory.
 2022-08-09 10:59:43 -07:00