Merge branch '2041-bug-reconfig-auto-dnssec-high-thread-number-leak-resources-and-crash-named' into 'main'

Resolve "BUG reconfig+auto-dnssec+high thread number leak resources and crash named" Closes #2041 See merge request isc-projects/bind9!4669
2026-06-11 07:40:00 -04:00 · 2021-02-15 18:12:17 +00:00 · 2021-02-15 18:12:17 +00:00 · 5f1a76c710
commit 5f1a76c710
parent fe6bd687d7 757be6ec16
7 changed files with 94 additions and 13 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+5581.	[bug]		Fix memory leak happening when inline-signed zones
+			were added to the configuration followed by a
+			reconfiguration of named. [GL #2041]
+
 5580.	[test]		The system test framework no longer differentiates
 			between SKIPPED and UNTESTED system test results. Any
 			system test which is not run is now marked as SKIPPED.
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -7975,7 +7975,6 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
 	isc_result_t result2;
 	dns_view_t *pview = NULL;
 	dns_zone_t *zone = NULL;
-	dns_zone_t *raw = NULL;

 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	origin = dns_fixedname_initname(&fixorigin);
@ -7997,22 +7996,10 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
 		return;
 	}

-	dns_zone_getraw(zone, &raw);
-
 	if (result == ISC_R_SUCCESS) {
 		dns_zone_setviewcommit(zone);
-		if (raw != NULL) {
-			dns_zone_setviewcommit(raw);
-		}
 	} else {
 		dns_zone_setviewrevert(zone);
-		if (raw != NULL) {
-			dns_zone_setviewrevert(raw);
-		}
-	}
-
-	if (raw != NULL) {
-		dns_zone_detach(&raw);
 	}

 	dns_zone_detach(&zone);
--- a/bin/tests/system/views/clean.sh
+++ b/bin/tests/system/views/clean.sh
@ -27,6 +27,8 @@ rm -f ns2/internal/K*
 rm -f ns2/internal/inline.db.jbk
 rm -f ns2/internal/inline.db.signed
 rm -f ns2/internal/inline.db.signed.jnl
+rm -f ns2/zones.conf
+rm -f ns2/db.* ns2/K*
 rm -f dig.out.external dig.out.internal
 rm -f ns*/named.lock
 rm -f ns*/managed-keys.bind* ns*/*.mkeys*
--- a/bin/tests/system/views/ns2/named1.conf.in
+++ b/bin/tests/system/views/ns2/named1.conf.in
@ -41,3 +41,11 @@ zone "example" {
 	file "example.db";
 	allow-update { any; };
 };
+
+zone "inline" {
+	type primary;
+	file "external/inline.db";
+	key-directory "external";
+	auto-dnssec maintain;
+	inline-signing yes;
+};
--- a/bin/tests/system/views/ns2/named3.conf.in
+++ b/bin/tests/system/views/ns2/named3.conf.in
@ -0,0 +1,33 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+include "zones.conf";
--- a/bin/tests/system/views/tests.sh
+++ b/bin/tests/system/views/tests.sh
@ -132,5 +132,46 @@ test "$int" != "$ext" || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

+echo_i "verifying adding of multiple inline zones followed by reconfiguration works"
+
+[ ! -f ns2/zones.conf ] && touch ns2/zones.conf
+copy_setports ns2/named3.conf.in ns2/named.conf
+
+for i in `seq 1 50`; do
+	ret=0
+	zone_name=`printf "example%03d.com" $i`
+
+# Add a new zone to the configuration.
+	cat >> ns2/zones.conf << EOF
+zone "${zone_name}" {
+    type master;
+    file "db.${zone_name}";
+    dnssec-dnskey-kskonly yes;
+    auto-dnssec maintain;
+    inline-signing yes;
+};
+EOF
+
+# Create a master file for the zone.
+	cat > "ns2/db.${zone_name}" <<EOF
+\$TTL   86400
+@      IN  SOA localhost. hostmaster.localhost (
+                1612542642  ; serial
+                12H ; refresh
+                1H  ; retry
+                2w  ; expiry
+                1h  ; minimum
+        )
+
+        IN      NS      localhost
+localhost       IN      A       127.0.0.1
+EOF
+
+    $KEYGEN -q -Kns2 -fk -aecdsa256 ${zone_name} > /dev/null
+    $RNDCCMD 10.53.0.2 reconfig || ret=1
+    if [ $ret != 0 ]; then echo_i "failed"; break; fi
+done # end for #
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -1616,6 +1616,9 @@ dns_zone_setviewcommit(dns_zone_t *zone) {
 	if (zone->prev_view != NULL) {
 		dns_view_weakdetach(&zone->prev_view);
 	}
+	if (inline_secure(zone)) {
+		dns_zone_setviewcommit(zone->raw);
+	}
 	UNLOCK_ZONE(zone);
 }

@ -1628,6 +1631,9 @@ dns_zone_setviewrevert(dns_zone_t *zone) {
 		dns_zone_setview_helper(zone, zone->prev_view);
 		dns_view_weakdetach(&zone->prev_view);
 	}
+	if (inline_secure(zone)) {
+		dns_zone_setviewrevert(zone->raw);
+	}
 	UNLOCK_ZONE(zone);
 }