Commit Graph

7129 Commits

Author SHA1 Message Date
Tinderbox User
ed6da5ec3d prep 9.11.14 2019-12-12 05:01:05 +00:00
Mark Andrews
020c29a8c8 Note bucket lock requirements.
(cherry picked from commit 13aaeaa06f)
2019-12-11 11:08:03 +11:00
Mark Andrews
89cf1dc665 lock access to fctx->nqueries
(cherry picked from commit 5589748eca)
2019-12-11 11:02:21 +11:00
Mark Andrews
4263b2ea21 address deadlock introduced in cd2469d3cd
(cherry picked from commit fd52417f71)
2019-12-10 20:24:05 +00:00
Mark Andrews
56af72c1d4 Assign fctx->client when fctx is created rather when the join happens.
This prevents races on fctx->client whenever a new fetch joins a existing
fetch (by calling fctx_join) as it is now invariant for the active life of
fctx.

(cherry picked from commit 9ca6ad6311)
2019-12-03 23:39:47 +11:00
Mark Andrews
882d79b2a3 r/w of rbtdb->current_version requires that rbtdb->lock be held
(cherry picked from commit cd2469d3cd)
2019-12-03 16:50:06 +11:00
Mark Andrews
37eb8e0d6c define and use FCTX_ATTR_SET and FCTX_ATTR_CLR 2019-12-03 11:41:05 +11:00
Mark Andrews
3114ff2346 make FCTX_ATTR_SHUTTINGDOWN a independent bool 2019-12-03 08:51:44 +11:00
Mark Andrews
1c61f129c3 rdataset_setownercase and rdataset_getownercase need to obtain a node lock
(cherry picked from commit 637b2c4e51)
2019-11-29 07:13:04 +11:00
Mark Andrews
449f96c7bb add comments 'tree_lock(write) must be held'
(cherry picked from commit 8f6aaa7230)
2019-11-27 18:06:05 +01:00
Mark Andrews
37f6845980 rbtnode->nsec needs to be read while holding the tree lock
(cherry picked from commit 7cad3b2e91)
2019-11-27 18:06:05 +01:00
Mark Andrews
d74a6a96c3 move maxbuffers test to allocate_udp_buffer
(cherry picked from commit 26a93d77aa)
2019-11-26 11:53:33 +11:00
Mark Andrews
1d928de33e Lock dispatch manager buffer_lock before accessing buffers;
Only test buffers for UDP dispatches.

(cherry picked from commit 011af4de71)
2019-11-26 11:53:33 +11:00
Mark Andrews
dcb21f39b6 lock disp->mgr before reading disp->mgr->buffers
(cherry picked from commit afc7389ce8)
2019-11-26 11:53:33 +11:00
Mark Andrews
9cffeb606a lock dispatch before reporting state
(cherry picked from commit 3075445ed6)
2019-11-23 08:25:47 +11:00
Mark Andrews
9d4f5f88f3 Conditional compilation of lock_callback was inconsistent with
conditional use of the function when forcing BIND to build with
older and unsupported versions of OpenSSL.
2019-11-21 10:59:16 +11:00
Evan Hunt
99203103b7 Merge tag 'v9_11_13' into merge-v9_11_13 2019-11-20 13:43:34 -08:00
Mark Andrews
a64c9fae62 use update_recordsandbytes in rbt_datafixer
(cherry picked from commit 7d4d64340e)
2019-11-20 01:01:52 +08:00
Mark Andrews
cf78ae96e5 always obtain write lock when updating version->{records,bytes}
(cherry picked from commit 0cda448248)
2019-11-20 01:01:51 +08:00
Ondřej Surý
ab4e6c2fe7 lib/dns/resolver.c: Call dns_adb_endudpfetch() only for UDP queries
The dns_adb_beginudpfetch() is called only for UDP queries, but
the dns_adb_endudpfetch() is called for all queries, including
TCP.  This messages the quota counting in adb.c.

(cherry picked from commit a5189eefa5)
2019-11-19 03:48:47 +08:00
Ondřej Surý
d2c86b2159 Internally, use {PATH,NAME}_MAX instead of ISC_DIR_{PATH,NAME}MAX 2019-11-12 09:31:40 +01:00
Samuel Thibault
88061c2acb hurd: Fix build
Move PATH_MAX, NAME_MAX, IOV_MAX default definitions to the common
<isc/platform.h>.

(cherry picked from commit d10fbdec84)
2019-11-12 09:22:15 +01:00
Tinderbox User
336d24089b prep 9.11.13 2019-11-06 21:26:36 +00:00
Ondřej Surý
b154ef1f86 Describe the polynomial backoff curve used in the quota adjustment
(cherry picked from commit 56ef09c3a1)
2019-11-06 20:50:46 +01:00
Witold Kręcicki
bc96d7b3bb Jitter signatures times when adding dynamic records.
When doing regular signing expiry time is jittered to make sure
that the re-signing times are not clumped together. This expands
this behaviour to expiry times of dynamically added records.

When incrementally re-signing a zone use the full jitter range if
the server appears to have been offline for greater than 5 minutes
otherwise use a small jitter range of 3600 seconds.  This will stop
the signatures becoming more clustered if the server has been off
line for a significant period of time (> 5 minutes).

Manually edits: resolve conflicts, replace isc_random_uniform
with isc_random_jitter.

(cherry picked from commit 6b2fd40269)
2019-11-06 16:30:50 +01:00
Ondřej Surý
4e3d0cb7ac Remove a dead assignment
This fixes the following scan-build warning:

zt.c:325:12: warning: Value stored to 'zt' during its initialization is never read
        dns_zt_t *zt = params->zt;
                  ^~   ~~~~~~~~~~
1 warning generated.
2019-11-05 23:07:07 +01:00
Ondřej Surý
12f6a44256 Ensure name count stays positive in remove_nodes()
This fixes a scan-build false-positive:

rbt_test.c:914:8: warning: Assigned value is garbage or undefined
                node %= *names_count;
                     ^  ~~~~~~~~~~~~
1 warning generated.

The remove_nodes() function is always called with correct arguments
(num_names is in <1;*names_count> range), so the modulo by zero cannot
happen, but nevertheless scan-build detects this and it's easy to fix.
2019-11-05 23:07:07 +01:00
Mark Andrews
16ad444207 Record when querytsig is valid
(cherry picked from commit 4938f97c97)

This commit was cherry-picked from v9_14 and it fixes the following
scan-build warnings:

tsig.c:1030:20: warning: Assigned value is garbage or undefined
                        tsig.timesigned = querytsig.timesigned;
                                        ^ ~~~~~~~~~~~~~~~~~~~~
tsig.c:1092:26: warning: The right operand of '<' is a garbage value
                        if (response && bytes < querytsig.siglen)
                                              ^ ~~~~~~~~~~~~~~~~
2 warnings generated.
2019-11-05 23:06:29 +01:00
Ondřej Surý
c1587e8587 libdns: add missing checks for return values in dnstap unit test
Related scan-build report:

dnstap_test.c:169:2: warning: Value stored to 'result' is never read
        result = dns_test_makeview("test", &view);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dnstap_test.c:193:2: warning: Value stored to 'result' is never read
        result = dns_compress_init(&cctx, -1, dt_mctx);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

(cherry picked from commit e9acad638e)
2019-11-05 09:53:18 +01:00
Ondřej Surý
0c277c7053 libdns: Remove useless checks for ISC_R_MEMORY, which cannot happen now
(cherry picked from commit 80b55d25de)
2019-11-05 09:49:57 +01:00
Michał Kępień
e6dd9db0e4 Prevent TCP failures from affecting EDNS stats
EDNS mechanisms only apply to DNS over UDP.  Thus, errors encountered
while sending DNS queries over TCP must not influence EDNS timeout
statistics.

(cherry picked from commit fce3c93ea2)
2019-10-31 09:55:06 +01:00
Michał Kępień
a6331686a8 Prevent query loops for misbehaving servers
If a TCP connection fails while attempting to send a query to a server,
the fetch context will be restarted without marking the target server as
a bad one.  If this happens for a server which:

  - was already marked with the DNS_FETCHOPT_EDNS512 flag,
  - responds to EDNS queries with the UDP payload size set to 512 bytes,
  - does not send response packets larger than 512 bytes,

and the response for the query being sent is larger than 512 byes, then
named will pointlessly alternate between sending UDP queries with EDNS
UDP payload size set to 512 bytes (which are responded to with truncated
answers) and TCP connections until the fetch context retry limit is
reached.  Prevent such query loops by marking the server as bad for a
given fetch context if the advertised EDNS UDP payload size for that
server gets reduced to 512 bytes and it is impossible to reach it using
TCP.

(cherry picked from commit 6cd115994e)
2019-10-31 08:50:48 +01:00
Mark Andrews
5a28b235c8 Log DNS_R_UNCHANGED from sync_secure_journal() at info level in receive_secure_serial()
(cherry picked from commit 8eb09f3232)
2019-10-30 12:13:38 +11:00
Tinderbox User
5dfdc818d2 Merge branch 'v9_11_12' into v9_11 2019-10-24 05:58:38 +00:00
Mark Andrews
d2c51b9c4b Address cppcheck reports
(cherry picked from commit fcebc4f15b)
2019-10-04 14:34:21 +10:00
Ondřej Surý
d26c36a338 Remove randomly scattered additional style check suppressions that caused unmatchedSuppression
(cherry picked from commit a0d3614a60)
2019-10-03 14:21:47 +02:00
Ondřej Surý
1506ad6e76 lib/dns/tsig.c: Suppress Cppcheck false positive error uninitStructMember
(cherry picked from commit 8f2ad12d0a)
2019-10-03 14:21:46 +02:00
Ondřej Surý
49d017aa75 lib/dns/tests/rbt_serialize_test.c: Fix dereference before DbC check
(cherry picked from commit 14c174d921)
2019-10-03 14:21:46 +02:00
Ondřej Surý
b20df811fb Instead of declaring unused va_list, just don't declare it at all
(cherry picked from commit 269d507ccc)
2019-10-03 14:21:46 +02:00
Ondřej Surý
d76c92bba7 lib/dns/rdatalist.c: Fix dereference before DbC check
(cherry picked from commit 5fc7e98d29)
2019-10-03 14:21:46 +02:00
Ondřej Surý
8a01f18958 lib/dns/rdata/*/*.c: Silence false positive nullPointerRedundantCheck warning from Cppcheck
Cppcheck gets confused by:

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(source != NULL);
    REQUIRE(data->member != NULL);
}

and for consistency the DbC check needs to be changed to

void bar(void *arg) {
    foo *data = arg;
    REQUIRE(data != NULL);
    REQUIRE(data->member != NULL);
}

(cherry picked from commit 66af8713d8)
2019-10-03 14:21:46 +02:00
Ondřej Surý
56a2cba642 lib/dns/rdata.c: Silence false positive nullPointerRedundantCheck warning from Cppcheck
(cherry picked from commit e68333aa67)
2019-10-03 14:21:46 +02:00
Ondřej Surý
c1df74f9c9 lib/dns/rbtdb.c: Add DbC check to safely dereference rbtdb in rbt_datafixer()
(cherry picked from commit d508ce4036)
2019-10-03 14:21:46 +02:00
Ondřej Surý
d04cc31c6e lib/dns/rbt.c: Suppress nullPointerRedundantCheck warnings from Cppcheck
(cherry picked from commit 8be5c3fcfc)
2019-10-03 14:21:46 +02:00
Ondřej Surý
f8200d8802 lib/dns/name.c: Fix dereference before DbC check reported by Cppcheck
(cherry picked from commit 0f5860aad3)
2019-10-03 14:21:46 +02:00
Ondřej Surý
68ae992b71 lib/dns/gssapi_link.c: Fix %d -> %u formatting when printing unsigned integers
(cherry picked from commit cea871464f)
2019-10-03 14:21:46 +02:00
Ondřej Surý
601380c4ed Fix passing NULL after the last typed argument to a variadic function leads to undefined behaviour.
From Cppcheck:

Passing NULL after the last typed argument to a variadic function leads to
undefined behaviour.  The C99 standard, in section 7.15.1.1, states that if the
type used by va_arg() is not compatible with the type of the actual next
argument (as promoted according to the default argument promotions), the
behavior is undefined.  The value of the NULL macro is an implementation-defined
null pointer constant (7.17), which can be any integer constant expression with
the value 0, or such an expression casted to (void*) (6.3.2.3). This includes
values like 0, 0L, or even 0LL.In practice on common architectures, this will
cause real crashes if sizeof(int) != sizeof(void*), and NULL is defined to 0 or
any other null pointer constant that promotes to int.  To reproduce you might be
able to use this little code example on 64bit platforms. If the output includes
"ERROR", the sentinel had only 4 out of 8 bytes initialized to zero and was not
detected as the final argument to stop argument processing via
va_arg(). Changing the 0 to (void*)0 or 0L will make the "ERROR" output go away.

void f(char *s, ...) {
    va_list ap;
    va_start(ap,s);
    for (;;) {
        char *p = va_arg(ap,char*);
        printf("%018p, %s\n", p, (long)p & 255 ? p : "");
        if(!p) break;
    }
    va_end(ap);
}

void g() {
    char *s2 = "x";
    char *s3 = "ERROR";

    // changing 0 to 0L for the 7th argument (which is intended to act as
    // sentinel) makes the error go away on x86_64
    f("first", s2, s2, s2, s2, s2, 0, s3, (char*)0);
}

void h() {
    int i;
    volatile unsigned char a[1000];
    for (i = 0; i<sizeof(a); i++)
        a[i] = -1;
}

int main() {
    h();
    g();
    return 0;
}

(cherry picked from commit d8879af877)
2019-10-03 14:21:46 +02:00
Ondřej Surý
034df34d92 lib/dns/ecdb.c: Fix couple of DbC conditions reported by Cppcheck
(cherry picked from commit 91cc6b9eb9)
2019-10-03 14:21:46 +02:00
Ondřej Surý
8dea1118c7 Fix the constification of the dns_name_t * result variable for dns_tsig_identity()
(cherry picked from commit fa7475b77a)
2019-10-03 14:21:46 +02:00
Ondřej Surý
d16e4994e3 Change dns_tsigkey_identity from macro to a function and const argument and result
(cherry picked from commit 2e304b0b7f)
2019-10-03 09:55:30 +02:00