From 1d32fbcd342ae3f1aa12694ac665cef20a5b6bd1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 16 Feb 2022 19:20:25 +1100
Subject: [PATCH] Only update foundname if returning DNS_R_COVERINGNSEC

'setup_delegation' depends on 'foundname' being the value returned
by 'dns_rbt_findnode' in the cache and 'find_coveringnsec' was
modifying 'foundname' when a covering NSEC was not found.
---
 lib/dns/rbtdb.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index df79f5de64..94b557fc05 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -4760,24 +4760,28 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 
 /*
  * Look for a potentially covering NSEC in the cache where `name`
- * is known to not exist.  This uses the auxiliary NSEC tree to find
- * the potential NSEC owner.
+ * is known not to exist.  This uses the auxiliary NSEC tree to find
+ * the potential NSEC owner. If found, we update 'foundname', 'nodep',
+ * 'rdataset' and 'sigrdataset', and return DNS_R_COVERINGNSEC.
+ * Otherwise, return ISC_R_NOTFOUND.
  */
 static isc_result_t
 find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
 		  dns_dbnode_t **nodep, isc_stdtime_t now,
 		  dns_name_t *foundname, dns_rdataset_t *rdataset,
 		  dns_rdataset_t *sigrdataset) {
-	dns_fixedname_t fprefix, forigin, ftarget;
-	dns_name_t *prefix, *origin, *target;
+	dns_fixedname_t fprefix, forigin, ftarget, fixed;
+	dns_name_t *prefix = NULL, *origin = NULL;
+	dns_name_t *target = NULL, *fname = NULL;
 	dns_rbtnode_t *node = NULL;
 	dns_rbtnodechain_t chain;
 	isc_result_t result;
 	isc_rwlocktype_t locktype;
-	nodelock_t *lock;
+	nodelock_t *lock = NULL;
 	rbtdb_rdatatype_t matchtype, sigmatchtype;
-	rdatasetheader_t *found, *foundsig;
-	rdatasetheader_t *header, *header_next, *header_prev;
+	rdatasetheader_t *found = NULL, *foundsig = NULL;
+	rdatasetheader_t *header = NULL;
+	rdatasetheader_t *header_next = NULL, *header_prev = NULL;
 
 	/*
 	 * Look for the node in the auxilary tree.
@@ -4794,6 +4798,7 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
 	prefix = dns_fixedname_initname(&fprefix);
 	origin = dns_fixedname_initname(&forigin);
 	target = dns_fixedname_initname(&ftarget);
+	fname = dns_fixedname_initname(&fixed);
 
 	locktype = isc_rwlocktype_read;
 	matchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_nsec, 0);
@@ -4818,16 +4823,12 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
 	 * Lookup the predecessor in the main tree.
 	 */
 	node = NULL;
-	result = dns_rbt_findnode(search->rbtdb->tree, target, foundname, &node,
+	result = dns_rbt_findnode(search->rbtdb->tree, target, fname, &node,
 				  NULL, DNS_RBTFIND_EMPTYDATA, NULL, NULL);
 	if (result != ISC_R_SUCCESS) {
 		return (ISC_R_NOTFOUND);
 	}
 
-	found = NULL;
-	foundsig = NULL;
-	header_prev = NULL;
-
 	lock = &(search->rbtdb->node_locks[node->locknum].lock);
 	NODE_LOCK(lock, locktype);
 	for (header = node->data; header != NULL; header = header_next) {
@@ -4862,6 +4863,9 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
 				      locktype, sigrdataset);
 		}
 		new_reference(search->rbtdb, node, locktype);
+
+		dns_name_copy(fname, foundname);
+
 		*nodep = node;
 		result = DNS_R_COVERINGNSEC;
 	} else {