Commit Graph

35374 Commits

Author SHA1 Message Date
Tom Krizek
9cfc8da487 Check for proper log message in kasp test
The log message is supposed to contain the zone name which was
erroneously omitted, but didn't pop up during tests, since return code
was silently ignored.

Now it actually waits for the proper log message rather than being an
equivalent of 3 second sleep (which was also sufficient to make the test
pass, thus we detected no failure).

(cherry picked from commit 1dd4c2b9e2)
2023-06-26 13:08:09 +02:00
Michal Nowak
678bfc4ce0 Merge tag 'v9.16.42' into bind-9.16
BIND 9.16.42
2023-06-21 20:24:59 +02:00
Michał Kępień
3e1776ed02 Merge branch '2354-add-a-tool-for-reproducing-isc-spnego-bugs-9.16' into 'bind-9.16'
[9.16] [CVE-2020-8625] [CVE-2021-25216] Add a tool for reproducing ISC SPNEGO bugs

See merge request isc-projects/bind9!8043
2023-06-19 09:09:08 +00:00
Michał Kępień
731a736a91 Add a tool for reproducing ISC SPNEGO bugs
Extend the "tsiggss" system test with reproducers for CVE-2020-8625 and
CVE-2021-25216.

(cherry picked from commit a47dc810f7)
2023-06-19 10:36:25 +02:00
Michał Kępień
746833318b Merge branch '4150-fix-entity-renumbering-in-parse_tsan.py-9.16' into 'bind-9.16'
[9.16] Fix entity renumbering in util/parse_tsan.py

See merge request isc-projects/bind9!8040
2023-06-15 14:23:04 +00:00
Michał Kępień
b4f7034074 Fix entity renumbering in util/parse_tsan.py
util/parse_tsan.py builds tables of mutexes, threads, and pointers it
finds in the TSAN report provided to it as a command-line argument and
then replaces all mentions of each of these entities so that they are
numbered sequentially in the processed report.  For example, this line:

    Cycle in lock order graph: M0 (...) => M5 (...) => M9 (...) => M0

is expected to become:

    Cycle in lock order graph: M1 (...) => M2 (...) => M3 (...) => M1

Problems arise when the gaps between mutex/thread identifiers present on
a single line are smaller than the total number of mutexes/threads found
by the script so far.  For example, the following line:

    Cycle in lock order graph: M0 (...) => M1 (...) => M2 (...) => M0

first gets turned into:

    Cycle in lock order graph: M1 (...) => M1 (...) => M2 (...) => M1

and then into:

    Cycle in lock order graph: M2 (...) => M2 (...) => M2 (...) => M2

In other words, lines like this become garbled due to information loss.

The problem stems from the fact that the numbering scheme the script
uses for identifying mutexes and threads is exactly the same as the one
used by TSAN itself.  Update util/parse_tsan.py so that it uses
zero-padded numbers instead, making the "overlapping" demonstrated above
impossible.

(cherry picked from commit 7f0790c82f)
2023-06-15 16:20:11 +02:00
Tom Krizek
e96a82ac72 Merge branch 'tkrizek/respdiff-threshold-9.16' into 'bind-9.16'
Adjust the respdiff failure threshold for a new dataset

See merge request isc-projects/bind9!8032
2023-06-15 08:19:13 +00:00
Tom Krizek
999850821e Adjust the respdiff failure threshold for a new dataset
This is just a slight tweak for the respdiff CI test. The new dataset
has a different set of queries and it results in a slightly more
SERVFAILs rather than timeouts in the respdiff-long-third-party test.

In our comparison script, timeouts are not counted towards the
threshold. While the total number of differences remains roughly the
same, the different distributions of them (among SERVFAIL vs timeout)
warrants a slight bump in the threshold in order to avoid test failures.

Related isc-private/bind-qa!65
2023-06-14 11:02:39 +02:00
Tom Krizek
72394b2e38 Merge branch '4117-serve-stale-check-9.16' into 'bind-9.16'
[9.16] Avoid false positive in serve-stale system test check

See merge request isc-projects/bind9!8028
2023-06-13 12:54:30 +00:00
Tom Krizek
328d0a1d0a Avoid false positive in serve-stale system test check
The purpose of the check is to verify the server has survived the
previous barrage of queries. This is done by sending a query and
checking we get a NOERROR response back.

Previously, that query could've been affected by a servfail cache - the
server would return a SERVFAIL answer, thus failing the check, despite
being up and running. Use version.bind txt ch query to avoid the
interference of servfail cache.

(cherry picked from commit dd7bcd2855)
2023-06-13 14:16:44 +02:00
Michal Nowak
a6b90215a8 Merge branch 'mnowak/set-up-version-and-release-notes-for-bind-9.16.43' into 'bind-9.16'
Set up version and release notes for BIND 9.16.43

See merge request isc-projects/bind9!8023
2023-06-12 15:17:44 +00:00
Michal Nowak
fdea64f057 Set up release notes for BIND 9.16.43 2023-06-12 17:06:23 +02:00
Michal Nowak
848e87150a Update BIND version to 9.16.43-dev 2023-06-12 17:05:03 +02:00
Michal Nowak
a62d1bd69a prep 9.16.42 v9.16.42 2023-06-09 16:35:17 +02:00
Michal Nowak
2832418fc3 Merge branch 'mnowak/prepare-documentation-for-bind-9.16.42' into 'security-bind-9.16'
Prepare documentation for BIND 9.16.42

See merge request isc-private/bind9!544
2023-06-09 14:32:44 +00:00
Michal Nowak
606af41ced Tweak and reword release notes 2023-06-09 16:18:38 +02:00
Michal Nowak
35a43186a6 Prepare release notes for BIND 9.16.42 2023-06-09 16:13:28 +02:00
Michal Nowak
3c8b9d8576 Merge branch '4089-confidential-stale-query-loop-bind-9.16' into 'security-bind-9.16'
[9.16] [CVE-2023-2911] Fix stale-answer-client-timeout 0 crash

See merge request isc-private/bind9!533
2023-06-09 14:01:35 +00:00
Evan Hunt
b226745c0f CHANGES and release notes for [GL #4089] 2023-06-09 15:53:16 +02:00
Matthijs Mekking
c003c5bc3c Fix serve-stale hang at shutdown
The 'refresh_rrset' variable is used to determine if we can detach from
the client. This can cause a hang on shutdown. To fix this, move setting
of the 'nodetach' variable up to where 'refresh_rrset' is set (in
query_lookup(), and thus not in ns_query_done()), and set it to false
when actually refreshing the RRset, so that when this lookup is
completed, the client will be detached.
2023-06-09 15:53:10 +02:00
Evan Hunt
0101e28f91 Stale answer lookups could loop when over recursion quota
When a query was aborted because of the recursion quota being exceeded,
but triggered a stale answer response and a stale data refresh query,
it could cause named to loop back where we are iterating and following
a delegation. Having no good answer in cache, we would fall back to
using serve-stale again, use the stale data, try to refresh the RRset,
and loop back again, without ever terminating until crashing due to
stack overflow.

This happens because in the functions 'query_notfound()' and
'query_delegation_recurse()', we check whether we can fall back to
serving stale data. We shouldn't do so if we are already refreshing
an RRset due to having prioritized stale data in cache.

In other words, we need to add an extra check to 'query_usestale()' to
disallow serving stale data if we are currently refreshing a stale
RRset.

As an additional mitigation to prevent looping, we now use the result
code ISC_R_ALREADYRUNNING rather than ISC_R_FAILURE when a recursion
loop is encountered, and we check for that condition in
'query_usestale()' as well.
2023-06-09 15:52:51 +02:00
Michal Nowak
6ab8cc0e7c Merge branch '4055-improve-the-overmem-cache-cleaning-9.16' into 'security-bind-9.16'
[9.16] Improve RBT overmem cache cleaning

See merge request isc-private/bind9!528
2023-06-09 13:49:34 +00:00
Michal Nowak
0fa9acc2c0 Set max-cache-size expectations for low values 2023-06-08 14:41:19 +02:00
Ondřej Surý
a295566683 Add CHANGES and release note for [GL #4055] 2023-06-08 11:54:43 +02:00
Ondřej Surý
f1d9e9ee38 Improve RBT overmem cache cleaning
When cache memory usage is over the configured cache size (overmem) and
we are cleaning unused entries, it might not be enough to clean just two
entries if the entries to be expired are smaller than the newly added
rdata.  This could be abused by an attacker to cause a remote Denial of
Service by possibly running out of the operating system memory.

Currently, the addrdataset() tries to do a single TTL-based cleaning
considering the serve-stale TTL and then optionally moves to overmem
cleaning if we are in that condition.  Then the overmem_purge() tries to
do another single TTL based cleaning from the TTL heap and then continue
with LRU-based cleaning up to 2 entries cleaned.

Squash the TTL-cleaning mechanism into single call from addrdataset(),
but ignore the serve-stale TTL if we are currently overmem.

Then instead of having a fixed number of entries to clean, pass the size
of newly added rdatasetheader to the overmem_purge() function and
cleanup at least the size of the newly added data.  This prevents the
cache going over the configured memory limit (`max-cache-size`).

Additionally, refactor the overmem_purge() function to reduce for-loop
nesting for readability.
2023-06-06 14:23:16 +02:00
Evan Hunt
81c5f12e2f Merge branch '4114-include-doc-bind-9.16' into 'bind-9.16'
remove accidentally-backported "include" doc

See merge request isc-projects/bind9!8001
2023-06-05 19:25:54 +00:00
Evan Hunt
fd7f68c5a8 remove accidentally-backported "include" doc
glob-expansion of filenames in "include" statements was added
in bind 9.18 but was accidentally mentioned in the bind 9.16 ARM.
2023-06-05 12:05:35 -07:00
Michal Nowak
7795e6663e Merge branch 'mnowak/windows-disable-minimal-update-check-with-no-keys' into 'bind-9.16'
Disable minimal update check with no keys on Windows

See merge request isc-projects/bind9!7996
2023-06-01 15:43:07 +00:00
Michal Nowak
ca57ddf53e Disable minimal update check with no keys on Windows
The $t1 value equals $t2 due to the time elapsed between "rndc
managed-keys status" calls being equal to the normal active refresh
period (as calculated per rules listed in RFC 5011 section 2.3) minus an
"hour" (as set using -T mkeytimers). This value equality is expected to
happen on really slow machines. On our Windows CI runner, it happens
very often.
2023-05-31 14:25:02 +02:00
Michal Nowak
adb71afffe Merge branch 'mnowak/alpine-3.18-9.16' into 'bind-9.16'
[9.16] Add Alpine Linux 3.18

See merge request isc-projects/bind9!7995
2023-05-31 10:16:33 +00:00
Michal Nowak
4f825f3d4f Add Alpine Linux 3.18
(cherry picked from commit ddb846454d)
2023-05-31 12:07:37 +02:00
Michal Nowak
b5d894a11d Merge branch '4034-heap-use-after-free-error-workaround' into 'bind-9.16'
Workaround heap-use-after-free error in process_sendevent()

See merge request isc-projects/bind9!7979
2023-05-31 09:41:16 +00:00
Michal Nowak
a396325ae3 Workaround heap-use-after-free error in process_sendevent()
This is a workaround of a permanent CI failure after GitLab CI migration
to AWS.
2023-05-31 11:19:39 +02:00
Michal Nowak
497a2fe694 Merge branch 'mnowak/custom-userspace-rcu-library-9.16' into 'bind-9.16'
[9.16] Change images for TSAN jobs

See merge request isc-projects/bind9!7988
2023-05-30 19:27:34 +00:00
Michal Nowak
42cded2713 Change images for TSAN jobs
Fedora 38 and Debian "bullseye" images were "forked" to images used only
for TSAN CI jobs. The new images contain TSAN-aware liburcu that does
not fit well with ASAN CI jobs for which original images were also used.

liburcu is not used in this branch, but images are shared among
branches, and their use needs to be consistent in all maintained
branches.

(cherry picked from commit 04dda8661f)
2023-05-30 20:45:09 +02:00
Matthijs Mekking
b933b55ead Merge branch '3950-serve-stale-strikes-again-v9.16' into 'bind-9.16'
[9.16] Fix serve-stale bug when cache has no data

See merge request isc-projects/bind9!7982
2023-05-30 15:06:51 +00:00
Matthijs Mekking
10f5d78d27 Add release note and changes for #3950
Fixing another serve-stale bug is still news.

(cherry picked from commit 23dbb6ba72)
2023-05-30 16:07:43 +02:00
Matthijs Mekking
2cce83e0d7 Fix serve-stale bug when cache has no data
We recently fixed a bug where in some cases (when following an
expired CNAME for example), named could return SERVFAIL if the target
record is still valid (see isc-projects/bind9#3678, and
isc-projects/bind9!7096). We fixed this by considering non-stale
RRsets as well during the stale lookup.

However, this triggered a new bug because despite the answer from
cache not being stale, the lookup may be triggered by serve-stale.
If the answer from database is not stale, the fix in
isc-projects/bind9!7096 erroneously skips the serve-stale logic.

Add 'answer_found' checks to the serve-stale logic to fix this issue.

(cherry picked from commit bbd163acf6)
2023-05-30 15:32:24 +02:00
Matthijs Mekking
2d5b975f3a Add serve-stale test case for GL #3950
Add a test case where when priming the cache with a slow authoritative
resolver, the stale-answer-client-timeout option should not return
a delegation to the client (it should wait until an applicable answer
is found, if no entry is found in the cache).

(cherry picked from commit c3d4fd3449)
2023-05-30 15:32:24 +02:00
Michal Nowak
1732aaccc4 Merge branch 'mnowak/gitlab-runner-autoscaling-9.16' into 'bind-9.16'
[9.16] Run most Docker CI jobs in AWS with autoscaler

See merge request isc-projects/bind9!7970
2023-05-26 10:00:37 +00:00
Michal Nowak
3096bc162d Run most Docker CI jobs in AWS with autoscaler
All but the "respdiff-long" job, for which our AWS instances do not have
enough memory, are now being spawned in the AWS by the autoscaler
executor.

(cherry picked from commit f09cf69594)
2023-05-26 11:55:54 +02:00
Michal Nowak
5e984fdbe5 Merge branch 'mnowak/get_core_dumps-fix-misplaced-tsan-line-9.16' into 'bind-9.16'
[9.16] TSAN summarising line was misplaced in run.sh

See merge request isc-projects/bind9!7950
2023-05-19 12:58:52 +00:00
Michal Nowak
f00a212cb8 TSAN summarising line was misplaced in run.sh
The line summarising TSAN reports was misplaced in the ASAN territory
and thus never used.

I also made core dumps, assertion failures, and TSAN reports detection
independent of each other.

(cherry picked from commit 0c4c7ddec4)
2023-05-19 14:55:23 +02:00
Michal Nowak
0c2ef4ab80 Merge branch 'mnowak/danger-test-pairwise-hint-9.16' into 'bind-9.16'
[9.16] Add a friendly Danger plea to run the pairwise CI job

See merge request isc-projects/bind9!7954
2023-05-19 12:41:34 +00:00
Michal Nowak
dd996601d0 Add a friendly Danger plea to run the pairwise CI job
Sometimes a pairwise definition for a new ./configure switch is added
but not tested in the CI.

(cherry picked from commit 96563c6020)
2023-05-19 14:34:54 +02:00
Michal Nowak
f905df3b7c Merge branch 'mnowak/fedora-38-9.16' into 'bind-9.16'
[9.16] Add Fedora 38

See merge request isc-projects/bind9!7952
2023-05-19 12:10:55 +00:00
Michal Nowak
f3a98ae6bd Add Fedora 38
(cherry picked from commit 2e0550970b)
2023-05-19 14:05:45 +02:00
Michal Nowak
5554e4e57d Merge branch '4076-nsupdate-disable-too-many-DNS-UPDATEs-queued-check-on-windows' into 'bind-9.16'
Disable exceeded quota check on Windows

See merge request isc-projects/bind9!7943
2023-05-18 15:13:24 +00:00
Michal Nowak
4078347d80 Disable exceeded quota check on Windows
This check is too unstable on Windows. Given the bind-9.16 branch is in
security fixes-only mode, something unlikely to be investigated before
the branch goes EOL.
2023-05-18 16:57:55 +02:00
Michał Kępień
e737e2b523 Merge tag 'v9.16.41' into bind-9.16
BIND 9.16.41
2023-05-18 14:17:30 +02:00