Commit Graph

11923 Commits

Author SHA1 Message Date
Ondřej Surý
bc760310cd Avoid an extra atomic_load() call 2019-11-06 11:29:35 +01:00
Diego Fronza
d5cc3ed381 Added TCP high-water statistics variable
This variable will report the maximum number of simultaneous tcp clients
that BIND has served while running.

It can be verified by running rndc status, then inspect "tcp high-water:
count", or by generating statistics file, rndc stats, then inspect the
line with "TCP connection high-water" text.

The tcp-highwater variable is atomically updated based on an existing
tcp-quota system handled in ns/client.c.

(cherry picked from commit 66fe8627de)
2019-11-06 11:26:22 +01:00
Diego Fronza
faf3cbe62d Add functions for collecting high-water counters
Add {isc,ns}_stats_{update_if_greater,get_counter}() functions that
are used to set and collect high-water type of statistics.

(cherry picked from commit a544e2e300)
2019-11-06 11:26:22 +01:00
Diego Fronza
733720a3f2 Change the isc_stat_t type to isc__atomic_statcounter_t
The isc_stat_t type was too similar to isc_stats_t type, so the name was
changed to something more distinguishable.

(cherry picked from commit eb5611a770)
2019-11-06 11:26:22 +01:00
Diego Fronza
02555bb7a5 Change the isc_statscounter_t type from int to C99 int_fast64_t type
For TCP high-water work, we need to keep the used integer types widths
in sync.

Note: int_fast32_t is used on WIN32 platform
(cherry picked from commit 0fc98ef2d5)
2019-11-06 11:26:22 +01:00
Ondřej Surý
1ab5685d25 Describe the polynomial backoff curve used in the quota adjustment
(cherry picked from commit 56ef09c3a1)
2019-11-05 11:06:04 +01:00
Ondřej Surý
027f2c1518 libdns: add missing checks for return values in dnstap unit test
Related scan-build report:

dnstap_test.c:169:2: warning: Value stored to 'result' is never read
        result = dns_test_makeview("test", &view);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dnstap_test.c:193:2: warning: Value stored to 'result' is never read
        result = dns_compress_init(&cctx, -1, dt_mctx);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

(cherry picked from commit e9acad638e)
2019-11-05 09:49:24 +01:00
Ondřej Surý
72f9846be6 libdns: Change check_dnskey_sigs() return type to void to match the reality how the function is used
(cherry picked from commit 64cf5144a6)
2019-11-05 09:48:51 +01:00
Ondřej Surý
1be8170888 libdns: Remove useless checks for ISC_R_MEMORY, which cannot happen now
(cherry picked from commit 80b55d25de)
2019-11-05 09:48:50 +01:00
Michał Kępień
b2ee3fa0bb Prevent TCP failures from affecting EDNS stats
EDNS mechanisms only apply to DNS over UDP.  Thus, errors encountered
while sending DNS queries over TCP must not influence EDNS timeout
statistics.

(cherry picked from commit fce3c93ea2)
2019-10-31 09:54:23 +01:00
Michał Kępień
61370994fc Prevent query loops for misbehaving servers
If a TCP connection fails while attempting to send a query to a server,
the fetch context will be restarted without marking the target server as
a bad one.  If this happens for a server which:

  - was already marked with the DNS_FETCHOPT_EDNS512 flag,
  - responds to EDNS queries with the UDP payload size set to 512 bytes,
  - does not send response packets larger than 512 bytes,

and the response for the query being sent is larger than 512 byes, then
named will pointlessly alternate between sending UDP queries with EDNS
UDP payload size set to 512 bytes (which are responded to with truncated
answers) and TCP connections until the fetch context retry limit is
reached.  Prevent such query loops by marking the server as bad for a
given fetch context if the advertised EDNS UDP payload size for that
server gets reduced to 512 bytes and it is impossible to reach it using
TCP.

(cherry picked from commit 6cd115994e)
2019-10-31 08:49:09 +01:00
Mark Andrews
cdf114078b Log DNS_R_UNCHANGED from sync_secure_journal() at info level in receive_secure_serial()
(cherry picked from commit 8eb09f3232)
2019-10-30 12:13:01 +11:00
Mark Andrews
85d89c00da accept 0 for dnskey-sig-validity (indicates off)
(cherry picked from commit 20647657f9)
2019-10-25 07:12:03 +11:00
Mark Andrews
c46f4d14f5 check for relationship between dnstap and dnstap-output seperately
(cherry picked from commit c2fcc9f16f)
2019-10-22 08:23:32 +11:00
Tinderbox User
6330f2c6c8 Merge branch 'security-v9_14' into v9_14 2019-10-19 23:34:28 +00:00
Michał Kępień
c62c7c2f86 Suppress cppcheck 1.89 false positive
cppcheck 1.89 emits a false positive for lib/dns/spnego_asn1.c:

    lib/dns/spnego_asn1.c:700:9: error: Uninitialized variable: data [uninitvar]
     memset(data, 0, sizeof(*data));
            ^
    lib/dns/spnego.c:1709:47: note: Calling function 'decode_NegTokenResp', 3rd argument '&resp' value is <Uninit>
     ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL);
                                                  ^
    lib/dns/spnego_asn1.c:700:9: note: Uninitialized variable: data
     memset(data, 0, sizeof(*data));
            ^

This message started appearing with cppcheck 1.89 [1], but it will be
gone in the next release [2], so just suppress it for the time being.

[1] af214e8212

[2] 2595b82634

(cherry picked from commit db7fd16346)
2019-10-17 10:52:19 +02:00
Michał Kępień
2a2a346340 Fix cppcheck 1.89 warnings
cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives in lib/dns/rpz.c:

    lib/dns/rpz.c:584:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:584:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:598:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:598:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:612:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:612:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^

It seems that cppcheck no longer treats at least some REQUIRE()
assertion failures as fatal, so add extra assertion macro definitions to
lib/isc/include/isc/util.h that are only used when the CPPCHECK
preprocessor macro is defined; these definitions make cppcheck 1.89
behave as expected.

There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return.  In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what that latter does itself during compilation.

[1] aaeec462e6

(cherry picked from commit abfde3d543)
2019-10-17 10:50:51 +02:00
Mark Andrews
446de056b6 Detect partial prefixes / incomplete IPv4 address in acls.
(cherry picked from commit fb87e669fb)
2019-10-14 01:31:44 +11:00
Ondřej Surý
3c20623436 Move the failure handling block closer to the only place where it could fail
(cherry picked from commit 69ecc711ac)
2019-10-04 14:08:26 +10:00
Ondřej Surý
aebea22fab Replace RUNTIME_CHECK(dns_name_copy(..., NULL)) with dns_name_copynf()
Use the semantic patch from the previous commit to replace all the calls to
dns_name_copy() with NULL as third argument with dns_name_copynf().

(cherry picked from commit c2dad0dcb2)
2019-10-04 14:08:26 +10:00
Ondřej Surý
a1ef76cd78 Split dns_name_copy() into dns_name_copy() and dns_name_copynf()
The dns_name_copy() function followed two different semanitcs that was driven
whether the last argument was or wasn't NULL.  This commit splits the function
in two where now third argument to dns_name_copy() can't be NULL and
dns_name_copynf() doesn't have third argument.

(cherry picked from commit f7aef3738a)
2019-10-04 14:08:25 +10:00
Ondřej Surý
660307283e The final round of adding RUNTIME_CHECK() around dns_name_copy() calls
This commit was done by hand to add the RUNTIME_CHECK() around stray
dns_name_copy() calls with NULL as third argument.  This covers the edge cases
that doesn't make sense to write a semantic patch since the usage pattern was
unique or almost unique.

(cherry picked from commit 5efa29e03a)
2019-10-04 14:08:25 +10:00
Ondřej Surý
77fe5da647 Add RUNTIME_CHECK() around result = dns_name_copy(..., NULL) calls
This second commit uses second semantic patch to replace the calls to
dns_name_copy() with NULL as third argument where the result was stored in a
isc_result_t variable.  As the dns_name_copy(..., NULL) cannot fail gracefully
when the third argument is NULL, it was just a bunch of dead code.

Couple of manual tweaks (removing dead labels and unused variables) were
manually applied on top of the semantic patch.

(cherry picked from commit 89b269b0d2)
2019-10-04 14:08:25 +10:00
Ondřej Surý
9adb3ae2d5 Add RUNTIME_CHECK() around plain dns_name_copy(..., NULL) calls using spatch
This commit add RUNTIME_CHECK() around all simple dns_name_copy() calls where
the third argument is NULL using the semantic patch from the previous commit.

(cherry picked from commit 35bd7e4da0)
2019-10-04 14:08:25 +10:00
Mark Andrews
fcebc4f15b Address cppcheck reports 2019-10-04 13:06:00 +10:00
Ondřej Surý
36b0c5a517 lib/isc/tests/md_test.c: Silence sizeofFunctionCall Cppcheck 2019-10-03 12:44:02 +02:00
Ondřej Surý
e8f64e99f3 lib/isc/tests/hmac_test.c: Silence sizeofFunctionCall Cppcheck 2019-10-03 12:44:02 +02:00
Ondřej Surý
fedfd48a08 lib/dns/zone.c: Fix invalid order of DbC checks that could cause dereference before NULL check 2019-10-03 10:16:03 +02:00
Ondřej Surý
6a82289e35 lib/dns/sdlz.c: Use the referenced variable in the DbC check 2019-10-03 10:15:35 +02:00
Ondřej Surý
9ffcc8f165 lib/dns/sdb.c: Fix invalid order of DbC checks that could cause dereference before NULL check 2019-10-03 10:14:43 +02:00
Ondřej Surý
9f75d17e95 Remove randomly scattered additional style check suppressions that caused unmatchedSuppression
(cherry picked from commit a0d3614a60)
2019-10-03 09:50:27 +02:00
Ondřej Surý
beb05c3d78 lib/ns/query.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit d1f035bbba)
2019-10-03 09:50:27 +02:00
Ondřej Surý
82d3faa274 lib/ns/interfacemgr.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit 033f3eb580)
2019-10-03 09:50:27 +02:00
Ondřej Surý
c12ff394f1 lib/ns/client.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit b4a42a286f)
2019-10-03 09:50:27 +02:00
Ondřej Surý
929fc207c7 lib/isccfg/parser.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit f855f09a55)
2019-10-03 09:50:27 +02:00
Ondřej Surý
22d5735a0e lib/isccfg/aclconf.c: Suppress nullPointerRedundantCheck false positive
(cherry picked from commit 09232213d7)
2019-10-03 09:50:27 +02:00
Ondřej Surý
be4aafeac7 lib/isc/unix/socket.c: Suppress preprocessorErrorDirective error from Cppcheck
(cherry picked from commit 026cf2ff4f)
2019-10-03 09:50:27 +02:00
Ondřej Surý
d6de4edc41 lib/isc/task.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit c662969da1)
2019-10-03 09:50:27 +02:00
Ondřej Surý
4acf396f83 lib/isc/pkc11.c: Fix possible NULL pointer dereference in push_attribute()
(cherry picked from commit e8948fd9b4)
2019-10-03 09:50:27 +02:00
Ondřej Surý
ac1127b2ad lib/isc/buffer.c: Fix invalid order of DbC checks that could cause dereference before NULL check
(cherry picked from commit e9f30fc211)
2019-10-03 09:50:26 +02:00
Ondřej Surý
8b32d11206 lib/dns/tsig.c: Suppress Cppcheck false positive error uninitStructMember
(cherry picked from commit 8f2ad12d0a)
2019-10-03 09:50:26 +02:00
Ondřej Surý
8db221d97a lib/dns/tests/rbt_serialize_test.c: Fix dereference before DbC check
(cherry picked from commit 14c174d921)
2019-10-03 09:50:26 +02:00
Ondřej Surý
4ef534aa90 Instead of declaring unused va_list, just don't declare it at all
(cherry picked from commit 269d507ccc)
2019-10-03 09:50:26 +02:00
Ondřej Surý
c3c515b56b lib/dns/rdatalist.c: Fix dereference before DbC check
(cherry picked from commit 5fc7e98d29)
2019-10-03 09:50:26 +02:00
Ondřej Surý
e442d1bbd2 lib/dns/rdata/*/*.c: Silence false positive nullPointerRedundantCheck warning from Cppcheck
Cppcheck gets confused by:

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(source != NULL);
    REQUIRE(data->member != NULL);
}

and for consistency the DbC check needs to be changed to

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(data != NULL);
    REQUIRE(data->member != NULL);
}

(cherry picked from commit 66af8713d8)
2019-10-03 09:50:26 +02:00
Ondřej Surý
2f5a7e84d9 lib/dns/rdata.c: Silence false positive nullPointerRedundantCheck warning from Cppcheck
(cherry picked from commit e68333aa67)
2019-10-03 09:50:26 +02:00
Ondřej Surý
7379248d9c lib/dns/rbtdb.c: Add DbC check to safely dereference rbtdb in rbt_datafixer()
(cherry picked from commit d508ce4036)
2019-10-03 09:50:26 +02:00
Ondřej Surý
4a129256e4 lib/dns/rbt.c: Suppress nullPointerRedundantCheck warnings from Cppcheck
(cherry picked from commit 8be5c3fcfc)
2019-10-03 09:50:26 +02:00
Ondřej Surý
e5474241e9 lib/dns/name.c: Fix dereference before DbC check reported by Cppcheck
(cherry picked from commit 0f5860aad3)
2019-10-03 09:50:26 +02:00
Ondřej Surý
df21cac6a8 lib/dns/gssapi_link.c: Fix %d -> %u formatting when printing unsigned integers
(cherry picked from commit cea871464f)
2019-10-03 09:50:26 +02:00