upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-21 09:26:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Don't remove corresponding RRSIG in the same loop

Browse source 
The dns_db_deleterdataset() removing the corresponding signature
within the iterator is wrong, because it mutates an rdataset
that is not the current one.
This commit is contained in:
Matthijs Mekking 2026-05-18 17:41:32 +02:00 committed by Ondřej Surý
parent e90a828307
commit 1abd977f43
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 24 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
lib/dns/resolver.c
View file

@ -5594,30 +5594,34 @@ evict_cname_other(fetchctx_t *fctx, dns_name_t *name) {
DNS_RDATASETITER_FOREACH(rdsiter) {
dns_rdataset_t rdataset = DNS_RDATASET_INIT;
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type == dns_rdatatype_nsec ||
rdataset.type == dns_rdatatype_nxt ||
rdataset.type == dns_rdatatype_key)
{
/* KEY, NSEC and NXT records are allowed */
dns_rdataset_disassociate(&rdataset);
continue;
}
if (dns_rdatatype_issig(rdataset.type)) {
/* Signatures will be deleted together below */
dns_rdataset_disassociate(&rdataset);
continue;
}
if (rdataset.type == dns_rdatatype_none) {
/* Negative type. */
if (NEGATIVE(&rdataset)) {
/* Keep all negative entries */
dns_rdataset_disassociate(&rdataset);
continue;
}
dns_db_deleterdataset(fctx->cache, node, NULL, rdataset.type,
0);
dns_db_deleterdataset(fctx->cache, node, NULL,
dns_rdatatype_rrsig, rdataset.type);
dns_rdataset_disassociate(&rdataset);
dns_typepair_t typepair = DNS_TYPEPAIR_VALUE(rdataset.type,
rdataset.covers);
switch (typepair) {
/* KEY, NSEC and NXT records are allowed */
case DNS_TYPEPAIR(dns_rdatatype_nsec):
case DNS_TYPEPAIR(dns_rdatatype_nxt):
case DNS_TYPEPAIR(dns_rdatatype_key):
case DNS_SIGTYPEPAIR(dns_rdatatype_nsec):
case DNS_SIGTYPEPAIR(dns_rdatatype_nxt):
case DNS_SIGTYPEPAIR(dns_rdatatype_key):
/* Keep the CNAME and its signature */
case DNS_TYPEPAIR(dns_rdatatype_cname):
case DNS_SIGTYPEPAIR(dns_rdatatype_cname):
dns_rdataset_disassociate(&rdataset);
continue;
default:
/* Evict everything else */
dns_db_deleterdataset(fctx->cache, node, NULL,
rdataset.type, rdataset.covers);
dns_rdataset_disassociate(&rdataset);
}
}
dns_rdatasetiter_destroy(&rdsiter);