fix: dev: Validating ADB fetches could cause a crash in import_rdataset()

Previously, in some cases, the resolver could return rdatasets of type CNAME or DNAME without the result code being set to `DNS_R_CNAME` or `DNS_R_DNAME`. This could trigger an assertion failure in the ADB. The resolver error has been fixed. Closes #5201 Merge branch '5201-adb-cname-error' into 'main' See merge request isc-projects/bind9!10172
2026-06-08 21:52:06 -04:00 · 2025-02-26 20:34:27 +00:00 · 2025-02-26 20:34:27 +00:00 · 49ccbe857a
commit 49ccbe857a
parent a102e504c3 1edbbc32b4
1 changed files with 14 additions and 8 deletions
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -6422,15 +6422,21 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 			}
 		} else {
 			/*
-			 * Either we don't care about the nature of the
-			 * cache rdataset (because no fetch is
-			 * interested in the outcome), or the cache
-			 * rdataset is not a negative cache entry.
-			 * Whichever case it is, we can return success.
-			 *
-			 * XXXRTH  There's a CNAME/DNAME problem here.
+			 * The attempt to add a negative cache entry
+			 * was rejected.  Set *eresultp to reflect
+			 * the type of the dataset being returned.
 			 */
-			*eresultp = ISC_R_SUCCESS;
+			switch (ardataset->type) {
+			case dns_rdatatype_cname:
+				*eresultp = DNS_R_CNAME;
+				break;
+			case dns_rdatatype_dname:
+				*eresultp = DNS_R_DNAME;
+				break;
+			default:
+				*eresultp = ISC_R_SUCCESS;
+				break;
+			}
 		}
 		result = ISC_R_SUCCESS;
 	}