upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch '4661-confidential-clear-dns-fetchopt-trystale-ontimeout' into 'v9.18.28-release'

Browse source 
Prevent passing DNS_EVENT_TRYSTALE events to resume_dslookup()

See merge request isc-private/bind9!678
This commit is contained in:
Nicki Křížek 2024-06-10 16:34:02 +00:00
commit 3be849bfab
3 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
6397. [bug] Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
parent NS records needed to get the DS result.
[GL #4661]
6395. [bug] Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
[GL #4736]

4
doc/notes/notes-current.rst
View file

@ -15,7 +15,9 @@ Notes for BIND 9.18.28
Security Fixes
~~~~~~~~~~~~~~
- None.
- Named could trigger an assertion failure when looking up the NS
records of parent zones as part of looking up DS records. This
has been fixed. :gl:`#4661`
New Features
~~~~~~~~~~~~

13
lib/dns/resolver.c
View file

@ -7394,7 +7394,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
dns_rdataset_t nameservers;
dns_fixedname_t fixed;
dns_name_t *domain = NULL;
unsigned int n;
unsigned int n, options;
REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
@ -7521,11 +7521,11 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
/* Starting a new fetch, so restore the extra reference */
fctx_addref(fctx);
options = fctx->options & ~DNS_FETCHOPT_TRYSTALE_ONTIMEOUT;
result = dns_resolver_createfetch(
res, fctx->nsname, dns_rdatatype_ns, domain, nsrdataset,
NULL, NULL, 0, fctx->options, 0, NULL, task,
resume_dslookup, fctx, &fctx->nsrrset, NULL,
&fctx->nsfetch);
NULL, NULL, 0, options, 0, NULL, task, resume_dslookup,
fctx, &fctx->nsrrset, NULL, &fctx->nsfetch);
if (result != ISC_R_SUCCESS) {
if (result == DNS_R_DUPLICATE) {
result = DNS_R_SERVFAIL;
@ -9875,7 +9875,7 @@ rctx_chaseds(respctx_t *rctx, dns_message_t *message,
dns_adbaddrinfo_t *addrinfo, isc_result_t result) {
fetchctx_t *fctx = rctx->fctx;
isc_task_t *task = NULL;
unsigned int n;
unsigned int n, options;
add_bad(fctx, message, addrinfo, result, rctx->broken_type);
fctx_cancelqueries(fctx, true, false);
@ -9888,9 +9888,10 @@ rctx_chaseds(respctx_t *rctx, dns_message_t *message,
fctx_addref(fctx);
task = fctx->res->buckets[fctx->bucketnum].task;
options = fctx->options & ~DNS_FETCHOPT_TRYSTALE_ONTIMEOUT;
result = dns_resolver_createfetch(
fctx->res, fctx->nsname, dns_rdatatype_ns, NULL, NULL, NULL,
NULL, 0, fctx->options, 0, NULL, task, resume_dslookup, fctx,
NULL, 0, options, 0, NULL, task, resume_dslookup, fctx,
&fctx->nsrrset, NULL, &fctx->nsfetch);
if (result != ISC_R_SUCCESS) {
if (result == DNS_R_DUPLICATE) {