Commit Graph

35361 Commits

Author SHA1 Message Date
Michal Nowak
a62d1bd69a prep 9.16.42 v9.16.42 2023-06-09 16:35:17 +02:00
Michal Nowak
2832418fc3 Merge branch 'mnowak/prepare-documentation-for-bind-9.16.42' into 'security-bind-9.16'
Prepare documentation for BIND 9.16.42

See merge request isc-private/bind9!544
2023-06-09 14:32:44 +00:00
Michal Nowak
606af41ced Tweak and reword release notes 2023-06-09 16:18:38 +02:00
Michal Nowak
35a43186a6 Prepare release notes for BIND 9.16.42 2023-06-09 16:13:28 +02:00
Michal Nowak
3c8b9d8576 Merge branch '4089-confidential-stale-query-loop-bind-9.16' into 'security-bind-9.16'
[9.16] [CVE-2023-2911] Fix stale-answer-client-timeout 0 crash

See merge request isc-private/bind9!533
2023-06-09 14:01:35 +00:00
Evan Hunt
b226745c0f CHANGES and release notes for [GL #4089] 2023-06-09 15:53:16 +02:00
Matthijs Mekking
c003c5bc3c Fix serve-stale hang at shutdown
The 'refresh_rrset' variable is used to determine if we can detach from
the client. This can cause a hang on shutdown. To fix this, move setting
of the 'nodetach' variable up to where 'refresh_rrset' is set (in
query_lookup(), and thus not in ns_query_done()), and set it to false
when actually refreshing the RRset, so that when this lookup is
completed, the client will be detached.
2023-06-09 15:53:10 +02:00
Evan Hunt
0101e28f91 Stale answer lookups could loop when over recursion quota
When a query was aborted because of the recursion quota being exceeded,
but triggered a stale answer response and a stale data refresh query,
it could cause named to loop back where we are iterating and following
a delegation. Having no good answer in cache, we would fall back to
using serve-stale again, use the stale data, try to refresh the RRset,
and loop back again, without ever terminating until crashing due to
stack overflow.

This happens because in the functions 'query_notfound()' and
'query_delegation_recurse()', we check whether we can fall back to
serving stale data. We shouldn't do so if we are already refreshing
an RRset due to having prioritized stale data in cache.

In other words, we need to add an extra check to 'query_usestale()' to
disallow serving stale data if we are currently refreshing a stale
RRset.

As an additional mitigation to prevent looping, we now use the result
code ISC_R_ALREADYRUNNING rather than ISC_R_FAILURE when a recursion
loop is encountered, and we check for that condition in
'query_usestale()' as well.
2023-06-09 15:52:51 +02:00
Michal Nowak
6ab8cc0e7c Merge branch '4055-improve-the-overmem-cache-cleaning-9.16' into 'security-bind-9.16'
[9.16] Improve RBT overmem cache cleaning

See merge request isc-private/bind9!528
2023-06-09 13:49:34 +00:00
Michal Nowak
0fa9acc2c0 Set max-cache-size expectations for low values 2023-06-08 14:41:19 +02:00
Ondřej Surý
a295566683 Add CHANGES and release note for [GL #4055] 2023-06-08 11:54:43 +02:00
Ondřej Surý
f1d9e9ee38 Improve RBT overmem cache cleaning
When cache memory usage is over the configured cache size (overmem) and
we are cleaning unused entries, it might not be enough to clean just two
entries if the entries to be expired are smaller than the newly added
rdata.  This could be abused by an attacker to cause a remote Denial of
Service by possibly running out of the operating system memory.

Currently, the addrdataset() tries to do a single TTL-based cleaning
considering the serve-stale TTL and then optionally moves to overmem
cleaning if we are in that condition.  Then the overmem_purge() tries to
do another single TTL based cleaning from the TTL heap and then continue
with LRU-based cleaning up to 2 entries cleaned.

Squash the TTL-cleaning mechanism into single call from addrdataset(),
but ignore the serve-stale TTL if we are currently overmem.

Then instead of having a fixed number of entries to clean, pass the size
of newly added rdatasetheader to the overmem_purge() function and
cleanup at least the size of the newly added data.  This prevents the
cache going over the configured memory limit (`max-cache-size`).

Additionally, refactor the overmem_purge() function to reduce for-loop
nesting for readability.
2023-06-06 14:23:16 +02:00
Evan Hunt
81c5f12e2f Merge branch '4114-include-doc-bind-9.16' into 'bind-9.16'
remove accidentally-backported "include" doc

See merge request isc-projects/bind9!8001
2023-06-05 19:25:54 +00:00
Evan Hunt
fd7f68c5a8 remove accidentally-backported "include" doc
glob-expansion of filenames in "include" statements was added
in bind 9.18 but was accidentally mentioned in the bind 9.16 ARM.
2023-06-05 12:05:35 -07:00
Michal Nowak
7795e6663e Merge branch 'mnowak/windows-disable-minimal-update-check-with-no-keys' into 'bind-9.16'
Disable minimal update check with no keys on Windows

See merge request isc-projects/bind9!7996
2023-06-01 15:43:07 +00:00
Michal Nowak
ca57ddf53e Disable minimal update check with no keys on Windows
The $t1 value equals $t2 due to the time elapsed between "rndc
managed-keys status" calls being equal to the normal active refresh
period (as calculated per rules listed in RFC 5011 section 2.3) minus an
"hour" (as set using -T mkeytimers). This value equality is expected to
happen on really slow machines. On our Windows CI runner, it happens
very often.
2023-05-31 14:25:02 +02:00
Michal Nowak
adb71afffe Merge branch 'mnowak/alpine-3.18-9.16' into 'bind-9.16'
[9.16] Add Alpine Linux 3.18

See merge request isc-projects/bind9!7995
2023-05-31 10:16:33 +00:00
Michal Nowak
4f825f3d4f Add Alpine Linux 3.18
(cherry picked from commit ddb846454d)
2023-05-31 12:07:37 +02:00
Michal Nowak
b5d894a11d Merge branch '4034-heap-use-after-free-error-workaround' into 'bind-9.16'
Workaround heap-use-after-free error in process_sendevent()

See merge request isc-projects/bind9!7979
2023-05-31 09:41:16 +00:00
Michal Nowak
a396325ae3 Workaround heap-use-after-free error in process_sendevent()
This is a workaround of a permanent CI failure after GitLab CI migration
to AWS.
2023-05-31 11:19:39 +02:00
Michal Nowak
497a2fe694 Merge branch 'mnowak/custom-userspace-rcu-library-9.16' into 'bind-9.16'
[9.16] Change images for TSAN jobs

See merge request isc-projects/bind9!7988
2023-05-30 19:27:34 +00:00
Michal Nowak
42cded2713 Change images for TSAN jobs
Fedora 38 and Debian "bullseye" images were "forked" to images used only
for TSAN CI jobs. The new images contain TSAN-aware liburcu that does
not fit well with ASAN CI jobs for which original images were also used.

liburcu is not used in this branch, but images are shared among
branches, and their use needs to be consistent in all maintained
branches.

(cherry picked from commit 04dda8661f)
2023-05-30 20:45:09 +02:00
Matthijs Mekking
b933b55ead Merge branch '3950-serve-stale-strikes-again-v9.16' into 'bind-9.16'
[9.16] Fix serve-stale bug when cache has no data

See merge request isc-projects/bind9!7982
2023-05-30 15:06:51 +00:00
Matthijs Mekking
10f5d78d27 Add release note and changes for #3950
Fixing another serve-stale bug is still news.

(cherry picked from commit 23dbb6ba72)
2023-05-30 16:07:43 +02:00
Matthijs Mekking
2cce83e0d7 Fix serve-stale bug when cache has no data
We recently fixed a bug where in some cases (when following an
expired CNAME for example), named could return SERVFAIL if the target
record is still valid (see isc-projects/bind9#3678, and
isc-projects/bind9!7096). We fixed this by considering non-stale
RRsets as well during the stale lookup.

However, this triggered a new bug because despite the answer from
cache not being stale, the lookup may be triggered by serve-stale.
If the answer from database is not stale, the fix in
isc-projects/bind9!7096 erroneously skips the serve-stale logic.

Add 'answer_found' checks to the serve-stale logic to fix this issue.

(cherry picked from commit bbd163acf6)
2023-05-30 15:32:24 +02:00
Matthijs Mekking
2d5b975f3a Add serve-stale test case for GL #3950
Add a test case where when priming the cache with a slow authoritative
resolver, the stale-answer-client-timeout option should not return
a delegation to the client (it should wait until an applicable answer
is found, if no entry is found in the cache).

(cherry picked from commit c3d4fd3449)
2023-05-30 15:32:24 +02:00
Michal Nowak
1732aaccc4 Merge branch 'mnowak/gitlab-runner-autoscaling-9.16' into 'bind-9.16'
[9.16] Run most Docker CI jobs in AWS with autoscaler

See merge request isc-projects/bind9!7970
2023-05-26 10:00:37 +00:00
Michal Nowak
3096bc162d Run most Docker CI jobs in AWS with autoscaler
All but the "respdiff-long" job, for which our AWS instances do not have
enough memory, are now being spawned in the AWS by the autoscaler
executor.

(cherry picked from commit f09cf69594)
2023-05-26 11:55:54 +02:00
Michal Nowak
5e984fdbe5 Merge branch 'mnowak/get_core_dumps-fix-misplaced-tsan-line-9.16' into 'bind-9.16'
[9.16] TSAN summarising line was misplaced in run.sh

See merge request isc-projects/bind9!7950
2023-05-19 12:58:52 +00:00
Michal Nowak
f00a212cb8 TSAN summarising line was misplaced in run.sh
The line summarising TSAN reports was misplaced in the ASAN territory
and thus never used.

I also made core dumps, assertion failures, and TSAN reports detection
independent of each other.

(cherry picked from commit 0c4c7ddec4)
2023-05-19 14:55:23 +02:00
Michal Nowak
0c2ef4ab80 Merge branch 'mnowak/danger-test-pairwise-hint-9.16' into 'bind-9.16'
[9.16] Add a friendly Danger plea to run the pairwise CI job

See merge request isc-projects/bind9!7954
2023-05-19 12:41:34 +00:00
Michal Nowak
dd996601d0 Add a friendly Danger plea to run the pairwise CI job
Sometimes a pairwise definition for a new ./configure switch is added
but not tested in the CI.

(cherry picked from commit 96563c6020)
2023-05-19 14:34:54 +02:00
Michal Nowak
f905df3b7c Merge branch 'mnowak/fedora-38-9.16' into 'bind-9.16'
[9.16] Add Fedora 38

See merge request isc-projects/bind9!7952
2023-05-19 12:10:55 +00:00
Michal Nowak
f3a98ae6bd Add Fedora 38
(cherry picked from commit 2e0550970b)
2023-05-19 14:05:45 +02:00
Michal Nowak
5554e4e57d Merge branch '4076-nsupdate-disable-too-many-DNS-UPDATEs-queued-check-on-windows' into 'bind-9.16'
Disable exceeded quota check on Windows

See merge request isc-projects/bind9!7943
2023-05-18 15:13:24 +00:00
Michal Nowak
4078347d80 Disable exceeded quota check on Windows
This check is too unstable on Windows. Given the bind-9.16 branch is in
security fixes-only mode, something unlikely to be investigated before
the branch goes EOL.
2023-05-18 16:57:55 +02:00
Michał Kępień
e737e2b523 Merge tag 'v9.16.41' into bind-9.16
BIND 9.16.41
2023-05-18 14:17:30 +02:00
Mark Andrews
ad3c012ff2 Merge branch '4035-fuzz-mem-c-871-fatal-error-runtime_check-pthread_mutex_lock-contextslock-0-0-34-0-failed' into 'bind-9.16'
Resolve "fuzz: mem.c:871: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed"

See merge request isc-projects/bind9!7907
2023-05-18 04:10:46 +00:00
Mark Andrews
e50c962061 Remove init and deinit from fuzz.h
Constructors and destructors for the main program are not reliable
as they may be called before constructors for shared libraries they
depend upon or be called after destructors of shared libraries they
depend upon.
2023-05-18 13:45:22 +10:00
Mark Andrews
be6bf6e9a4 Merge branch '4066-resolv-conf-parsing-eats-lines-if-more-than-3-nameservers-set-bind-9.16' into 'bind-9.16'
[9.16] Resolve "resolv.conf parsing eats lines if more than 3 nameservers set"

See merge request isc-projects/bind9!7942
2023-05-17 23:36:57 +00:00
Mark Andrews
9916cbabbc Add CHANGES for [GL #4066]
(cherry picked from commit 36dab033dc)
2023-05-18 08:52:52 +10:00
Mark Andrews
a01c0e175a Properly process extra nameserver lines in resolv.conf
The whole line needs to be read rather than just the token "nameserver"
otherwise the next line in resolv.conf is not properly processed.

(cherry picked from commit 864cd08052)
2023-05-18 08:52:17 +10:00
Michal Nowak
867deef895 Merge branch 'mnowak/openbsd-7.3-9.16' into 'bind-9.16'
[9.16] Add OpenBSD 7.3

See merge request isc-projects/bind9!7930
2023-05-15 18:38:03 +00:00
Michal Nowak
bfe80552fd Add OpenBSD 7.3
(cherry picked from commit ff52cd9604)
2023-05-15 19:54:42 +02:00
Michal Nowak
2c9cc09729 Merge branch 'mnowak/freebsd-13.2-9.16' into 'bind-9.16'
[9.16] Add FreeBSD 13.2

See merge request isc-projects/bind9!7928
2023-05-15 16:53:54 +00:00
Michal Nowak
1e2d7c933f Add FreeBSD 13.2
(cherry picked from commit 81ad645d7d)
2023-05-15 18:37:04 +02:00
Arаm Sаrgsyаn
e857952e60 Merge branch '4054-zone_resigninc-bugfix-9.16' into 'bind-9.16'
[9.16] zone_resigninc(): check whether zone->db is a valid pointer before attaching

See merge request isc-projects/bind9!7924
2023-05-15 14:00:45 +00:00
Aram Sargsyan
86a8bc180b Add a CHANGES note for [GL #4054]
(cherry picked from commit 00ed5f84a9)
2023-05-15 12:05:51 +00:00
Aram Sargsyan
537c2d2c68 Check whether zone->db is a valid pointer before attaching
The zone_resigninc() function does not check the validity of
'zone->db', which can crash named if the zone was unloaded earlier,
for example with "rndc delete".

Check that 'zone->db' is not 'NULL' before attaching to it, like
it is done in zone_sign() and zone_nsec3chain() functions, which
can similarly be called by zone maintenance.

(cherry picked from commit fae0930eb8)
2023-05-15 12:05:11 +00:00
Michal Nowak
2f890fd8c7 Merge branch 'mnowak/drop_set_key_default_values' into 'bind-9.16'
Drop set_key_default_values function

See merge request isc-projects/bind9!7910
2023-05-12 09:11:57 +00:00