Commit Graph

35046 Commits

Author SHA1 Message Date
Michał Kępień
d048f6d5f0 Add release note for GL #3678 2023-01-12 22:34:32 +01:00
Michał Kępień
28c04575f1 Tweak and reword release notes 2023-01-12 22:34:32 +01:00
Michał Kępień
f76d95cdbb Prepare release notes for BIND 9.16.37 2023-01-12 22:34:32 +01:00
Michał Kępień
7ce861864d Fix a typo in the DNSSEC Guide 2023-01-12 22:34:32 +01:00
Michał Kępień
b4a65aaea1 Merge branch '3619-security-serve-stale-client-timeout-crash-v9_16' into 'security-v9_16'
[9.16] [CVE-2022-3924] Fix the serve-stale crash when recursive clients soft quota is reached

See merge request isc-private/bind9!479
2023-01-12 12:05:11 +00:00
Aram Sargsyan
8a05a6d1d7 Add CHANGES and release notes for [GL #3619]
(cherry picked from commit d08a478b42)
2023-01-12 13:00:03 +01:00
Aram Sargsyan
6bebcedb80 Cancel all fetch events in dns_resolver_cancelfetch()
Although 'dns_fetch_t' fetch can have two associated events, one for
each of 'DNS_EVENT_FETCHDONE' and 'DNS_EVENT_TRYSTALE' types, the
dns_resolver_cancelfetch() function is designed in a way that it
expects only one existing event, which it must cancel, and when it
happens so that 'stale-answer-client-timeout' is enabled and there
are two events, only one of them is canceled, and it results in an
assertion in dns_resolver_destroyfetch(), when it finds a dangling
event.

Change the logic of dns_resolver_cancelfetch() function so that it
cancels both the events (if they exist), and in the right order.

(cherry picked from commit ec2098ca35)
2023-01-12 13:00:03 +01:00
Michał Kępień
ea79385990 Merge branch '3622-serve-stale-rrsig-fix-security-v9_16' into 'security-v9_16'
[9.16] [CVE-2022-3736] Properly handle stale RRSIG lookups

See merge request isc-private/bind9!486
2023-01-12 11:39:34 +00:00
Mark Andrews
8309e2656c Add release note for [GL #3622]
(cherry picked from commit 42c42be9a9)
2023-01-12 12:33:28 +01:00
Mark Andrews
fbbc91bb77 Add CHANGES note for [GL #3622]
(cherry picked from commit 8ca018b5ec)
2023-01-12 12:33:28 +01:00
Mark Andrews
3cd0c32b0a Move the mapping of SIG and RRSIG to ANY
dns_db_findext() asserts if RRSIG is passed to it and
query_lookup_stale() failed to map RRSIG to ANY to prevent this.  To
avoid cases like this in the future, move the mapping of SIG and RRSIG
to ANY for qctx->type to qctx_init().

(cherry picked from commit 56eae06418)
2023-01-12 12:33:28 +01:00
Michał Kępień
82185f4f80 Merge branch '3523-confidential-update-quota-v9_16' into 'security-v9_16'
[9.16] [CVE-2022-3094] apply quotas to updates

See merge request isc-private/bind9!491
2023-01-12 11:22:23 +00:00
Evan Hunt
9fed0e0115 CHANGES and release notes for [GL #3523]
(cherry picked from commit 991de0aa76)
2023-01-12 12:21:36 +01:00
Evan Hunt
8c78511e9a test failure conditions
verify that updates are refused when the client is disallowed by
allow-query, and update forwarding is refused when the client is
is disallowed by update-forwarding.

verify that "too many DNS UPDATEs" appears in the log file when too
many simultaneous updates are processing.

(cherry picked from commit b91339b80e)
2023-01-12 12:21:36 +01:00
Evan Hunt
eb98d96481 move update ACL and update-policy checks before quota
check allow-update, update-policy, and allow-update-forwarding before
consuming quota slots, so that unauthorized clients can't fill the
quota.

(this moves the access check before the prerequisite check, which
violates the precise wording of RFC 2136. however, RFC co-author Paul
Vixie has stated that the RFC is mistaken on this point; it should have
said that access checking must happen *no later than* the completion of
prerequisite checks, not that it must happen exactly then.)

(cherry picked from commit 964f559edb)
2023-01-12 12:21:36 +01:00
Evan Hunt
7fe2204a2e add a configuration option for the update quota
add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a730)
2023-01-12 12:21:36 +01:00
Evan Hunt
35711a29e5 add an update quota
limit the number of simultaneous DNS UPDATE events that can be
processed by adding a quota for update and update forwarding.
this quota currently, arbitrarily, defaults to 100.

also add a statistics counter to record when the update quota
has been exceeded.

(cherry picked from commit 7c47254a14)
2023-01-12 12:21:36 +01:00
Ondřej Surý
afc49c62e0 Merge branch '3744-catz-small-update-to-large-catz-causes-cpu-spike' into 'v9_16'
[9.16] Increase catalog zone entries hash table's bits size

See merge request isc-projects/bind9!7357
2023-01-11 18:06:11 +00:00
Aram Sargsyan
60dece8277 Increase catalog zone entries hash table's bits size
The hash table implementation in the current branch does not
support automatic resize operation, so the initial value of
the table should be chosen carefully.

Catalog zones entries hash table's size is currently only 4 bits,
which is very low for a catalog zone with thousands of entries,
and causes CPU consumption spikes when working with the hash
table to add/delete/search entries.

Use 16 bits instead, which should make working with big catalog
zones much faster at the expense of slightly higher memory usage,
i.e. 512 KiB for a 64-bit system for each catalog zone.
2023-01-11 17:26:26 +00:00
Arаm Sаrgsyаn
5823dacba8 Merge branch 'aram/dns_fwdtable_addfwd-cleanup-bugfix-v9_16' into 'v9_16'
[9.16] Fix dns_fwdtable_addfwd() error path cleanup bug

See merge request isc-projects/bind9!7353
2023-01-11 14:15:20 +00:00
Aram Sargsyan
144135415b Use sizeof(*ptr) for allocating/freeing memory in forward.c
As shown in the previous commit, using sizeof(type_t) is a little
bit more error-prone when copy-pasting code, so extracting the
size information from the pointer which is being dealt with seems
like a better alternative.

(cherry picked from commit cf4003fa58)
2023-01-11 13:42:00 +00:00
Aram Sargsyan
1950629ffa Fix dns_fwdtable_addfwd() error path cleanup bug
Free 'sizeof(dns_forwarder_t)' bytes of memory instead of
'sizeof(dns_sockaddr_t)' bytes, because `fwd` is a pointer
to a 'dns_forwarder_t' type structure.

(cherry picked from commit 0cc1b06d98)
2023-01-11 13:42:00 +00:00
Arаm Sаrgsyаn
56281e968d Merge branch '3768-dns_zonemgr-use-after-free-v9_16' into 'v9_16'
[9.16] Fix a use-after-free bug in dns_zonemgr_releasezone()

See merge request isc-projects/bind9!7352
2023-01-11 13:01:40 +00:00
Aram Sargsyan
1cab382d17 Add a CHANGES note for [GL #3768]
(cherry picked from commit d50cb1d45d)
2023-01-11 12:17:38 +00:00
Aram Sargsyan
272afcd999 Fix a use-after-free bug in dns_zonemgr_releasezone()
The dns_zonemgr_releasezone() function makes a decision to destroy
'zmgr' (based on its references count, after decreasing it) inside
a lock, and then destroys the object outside of the lock.

This causes a race with dns_zonemgr_detach(), which could destroy
the object in the meantime.

Change dns_zonemgr_releasezone() to detach from 'zmgr' and destroy
the object (if needed) using dns_zonemgr_detach(), outside of the
lock.

(cherry picked from commit c1fc212253)
2023-01-11 12:17:27 +00:00
Evan Hunt
f57d21c01a Merge branch '3773-remove-dscp-v9_16' into 'v9_16'
[9.16] deprecate dscp configuration

See merge request isc-projects/bind9!7337
2023-01-10 19:46:39 +00:00
Evan Hunt
288e7332ed CHANGES and release note for [GL #3773] 2023-01-10 11:16:18 -08:00
Matthijs Mekking
0656395f25 Test deprecate dscp configuration
Add 'dscp' token and 'option' to deprecated.conf. It should trigger warnings
(except when deprecation warnings are being ignored).
2023-01-10 11:16:18 -08:00
Evan Hunt
0b40df8f8a deprecate dscp configuration
This commit deprecates the "dscp" configuration option and "dscp"
parameters to source-address configuration options (query-source,
transfer-source, etc.

(Note that the DSCP feature has not been fully operational since
the network manager was introduced in 9.16.0; outgoing DSCP values
can be configured, but incoming DSCP values are not detected.)
2023-01-10 11:16:18 -08:00
Michal Nowak
e929b3b54a Merge branch 'mnowak/abort-on-ubsan-errors-v9_16' into 'v9_16'
[9.16] Abort on UBSAN errors

See merge request isc-projects/bind9!7328
2023-01-10 10:23:28 +00:00
Michal Nowak
b276e76130 Abort on UBSAN errors
Previously, UBSAN errors might slip undetected.

(cherry picked from commit 1451bb7390)
2023-01-10 10:17:37 +01:00
Mark Andrews
7c51096f8b Merge branch '3787-siphash-c-105-26-runtime-error-applying-zero-offset-to-null-pointer-v9_16' into 'v9_16'
[9.16] Accept 'in=NULL' with 'inlen=0' in isc_{half}siphash24

See merge request isc-projects/bind9!7342

Backport of MR !7339
2023-01-10 08:18:01 +00:00
Mark Andrews
f1c08fe93b Accept 'in=NULL' with 'inlen=0' in isc_{half}siphash24
Arthimetic on NULL pointers is undefined.  Avoid arithmetic operations
when 'in' is NULL and require 'in' to be non-NULL if 'inlen' is not zero.

(cherry picked from commit 349c23dbb7)
2023-01-10 18:36:27 +11:00
Mark Andrews
cc11456017 Merge branch '3788-rbt-c-187-19-runtime-error-applying-zero-offset-to-null-pointer' into 'v9_16'
Resolve "rbt.c:187:19: runtime error: applying zero offset to null pointer"

See merge request isc-projects/bind9!7340
2023-01-10 07:19:39 +00:00
Mark Andrews
2a9300a3bc Don't perform arithmetic on NULL pointers
When node is NULL when calling getparent() et al. they return NULL
but performing arithmetic on the NULL pointer is undefined.  Check
if 'node' or 'header' is NULL and skip the adjustment.
2023-01-10 17:45:51 +11:00
Matthijs Mekking
802f700d5a Merge branch '3678-serve-stale-servfailing-unexpectedly-v9_16' into 'v9_16'
[9.16] Add serve-stale CNAME check with stale-answer-client-timeout off

See merge request isc-projects/bind9!7311
2023-01-09 13:31:24 +00:00
Michał Kępień
ba1306bfb4 Check for NULL before dereferencing qctx->rpz_st
Commit 9ffb4a7ba1 causes Clang Static
Analyzer to flag a potential NULL dereference in query_nxdomain():

    query.c:9394:26: warning: Dereference of null pointer [core.NullDereference]
            if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
                                    ^~~~~~~~~~~~~~~~~~~
    1 warning generated.

The warning above is for qctx->rpz_st potentially being a NULL pointer
when query_nxdomain() is called from query_resume().  This is a false
positive because none of the database lookup result codes currently
causing query_nxdomain() to be called (DNS_R_EMPTYWILD, DNS_R_NXDOMAIN)
can be returned by a database lookup following a recursive resolution
attempt.  Add a NULL check nevertheless in order to future-proof the
code and silence Clang Static Analyzer.

(cherry picked from commit 07592d1315)
(cherry picked from commit a4547a1093)
2023-01-09 13:57:44 +01:00
Aram Sargsyan
36a439b91e Add a CHANGES note for [GL #3678]
(cherry picked from commit 40dee61a1e)
2023-01-09 13:57:44 +01:00
Matthijs Mekking
2696267b1f Consider non-stale data when in serve-stale mode
With 'stale-answer-enable yes;' and 'stale-answer-client-timeout off;',
consider the following situation:

A CNAME record and its target record are in the cache, then the CNAME
record expires, but the target record is still valid.

When a new query for the CNAME record arrives, and the query fails,
the stale record is used, and then the query "restarts" to follow
the CNAME target. The problem is that the query's multiple stale
options (like DNS_DBFIND_STALEOK) are not reset, so 'query_lookup()'
treats the restarted query as a lookup following a failed lookup,
and returns a SERVFAIL answer when there is no stale data found in the
cache, even if there is valid non-stale data there available.

With this change, query_lookup() now considers non-stale data in the
cache in the first place, and returns it if it is available.

(cherry picked from commit 91a1a8efc5)
2023-01-09 13:57:43 +01:00
Aram Sargsyan
869abb768b Add serve-stale CNAME check with stale-answer-client-timeout off
Prime the cache with the following records:

    shortttl.cname.example.	1	IN	CNAME	longttl.target.example.
    longttl.target.example.	600	IN	A	10.53.0.2

Wait for the CNAME record to expire, disable the authoritative server,
and query 'shortttl.cname.example' again, expecting a stale answer.

(cherry picked from commit 537187bf2f)
2023-01-09 13:57:43 +01:00
Tony Finch
d14a22b3d9 Merge branch '3745-delzone-catz-v9_16' into 'v9_16'
[9.16] Don't crash when rndc delzone encounters a catz member

See merge request isc-projects/bind9!7298
2023-01-04 19:32:40 +00:00
Tony Finch
01788b8852 Don't crash when rndc delzone encounters a catz member
Try to remove the zone from the NZF config only if it was
dynamically added but not by a catalog zone.

(cherry picked from commit 9fa20d6f6c)
2023-01-04 18:04:53 +00:00
Michał Kępień
e255032a67 Merge branch 'michal/update-copyright-year-to-2023-v9_16' into 'v9_16'
[9.16] Update copyright year to 2023

See merge request isc-projects/bind9!7284
2023-01-02 13:30:04 +00:00
Michał Kępień
f7bd3bd2b6 Update copyright year to 2023
(cherry picked from commit 1a5d707f52)
2023-01-02 14:24:23 +01:00
Tom Krizek
9d18a5b496 Merge branch 'tkrizek/default-alg-9.16-fixes' into 'v9_16'
[9.16] Skip test algorithm randomization in certain cases

See merge request isc-projects/bind9!7268
2022-12-23 12:07:38 +00:00
Tom Krizek
28b6171424 Don't check algorithm support during configure step
The 9.16 version of ./configure calls bin/tests/system/cleanall.sh
unless --without-make-clean is used. The cleanall.sh script then
includes bin/tests/system/conf.sh, which includes
bin/tests/system/conf.sh.common. At that point, dnssec-keygen which is
used to detect algorithm support isn't compiled, so it can't be used.

More importantly, algorithm selection for system tests during the
./configure phase is irrelevant, so it can be safely skipped.
2022-12-23 12:37:48 +01:00
Tom Krizek
6950dfe003 Disable test algorithm randomization if Python is missing
This change is motivated by the fact that our Windows CI image doesn't
have a Python interpreter.
2022-12-23 12:37:46 +01:00
Tom Krizek
9e895462d1 Merge branch 'tkrizek/dangerfile-backport-tweaks-v9_16' into 'v9_16'
[9.16] danger CI: tweak backport check and add Affects label check

See merge request isc-projects/bind9!7271
2022-12-23 08:58:39 +00:00
Tom Krizek
122c3f00e9 danger: check the Affects labels are set
Unless the MR is a backport, the Affects labels should be used to
indicate which versions are affected by the issue that prompted the MR.

(cherry picked from commit 64d71a1f5f)
2022-12-23 09:53:34 +01:00
Tom Krizek
413e94f2ca danger: check version in MR title
Enforce the version indicator to be at the start of the MR title.

(cherry picked from commit d1172e011c)
2022-12-23 09:53:31 +01:00