From 6ed14eff250abf04445eb9fa3c99104aa4b5c26f Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Mon, 11 Feb 2019 17:25:34 +0100
Subject: [PATCH] Unregister RPZ CATZ db cbs when zone load fails
In case when a zone fails to load because the file does not exist or is malformed, we should not run the callback that updates the zone database when the load is done. This is achieved by unregistering the callbacks if at zone load end if the result indicates something else than success.
---
 lib/dns/zone.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 28f353a2ea..8eb4eb764e 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1792,6 +1792,18 @@ dns_zone_rpz_enable_db(dns_zone_t *zone, dns_db_t *db) {
 REQUIRE(result == ISC_R_SUCCESS);
 }
+static void
+dns_zone_rpz_disable_db(dns_zone_t *zone, dns_db_t *db) {
+ isc_result_t result;
+ if (zone->rpz_num == DNS_RPZ_INVALID_NUM)
+ return;
+ REQUIRE(zone->rpzs != NULL);
+ result = dns_db_updatenotify_unregister(db,
+ dns_rpz_dbupdate_callback,
+ zone->rpzs->zones[zone->rpz_num]);
+ REQUIRE(result == ISC_R_SUCCESS);
+}
+
 void
 dns_zone_catz_enable(dns_zone_t *zone, dns_catz_zones_t *catzs) {
 REQUIRE(DNS_ZONE_VALID(zone));
@@ -1819,6 +1831,17 @@ dns_zone_catz_enable_db(dns_zone_t *zone, dns_db_t *db) {
 }
 }
+static void
+dns_zone_catz_disable_db(dns_zone_t *zone, dns_db_t *db) {
+ REQUIRE(DNS_ZONE_VALID(zone));
+ REQUIRE(db != NULL);
+
+ if (zone->catzs != NULL) {
+ dns_db_updatenotify_unregister(db, dns_catz_dbupdate_callback,
+ zone->catzs);
+ }
+}
+
 /*
 * Set catalog zone ownership of the zone
 */
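Review bot: In dns_zone_rpz_disable_db the closing `REQUIRE(result == ISC_R_SUCCESS);` turns any failure of dns_db_updatenotify_unregister into an assertion abort of the whole server, and this helper runs only on the zone-load failure path, where a missing or malformed zone file is exactly the input that should stay survivable. If the listener can be absent at that point (whether the register call always precedes it is not visible in this hunk), a bad RPZ file would stop the process; logging and returning, e.g. `if (result != ISC_R_SUCCESS) dns_zone_log(zone, ISC_LOG_WARNING, "rpz unregister: %s", isc_result_totext(result));`, keeps the failure local to the zone. The helper also omits the `REQUIRE(DNS_ZONE_VALID(zone));` and `REQUIRE(db != NULL);` checks that dns_zone_catz_disable_db in the next hunk has, while that one silently drops the unregister result; the two should agree, with an explicit `(void)` cast or a short comment wherever the result is deliberately ignored.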
@@ -2486,11 +2509,14 @@ dns_zone_setrawdata(dns_zone_t *zone, dns_masterrawheader_t *header) {
 static isc_result_t
 zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
+ const char me[] = "zone_startload";
 dns_load_t *load;
 isc_result_t result;
 isc_result_t tresult;
 unsigned int options;
+ ENTER;
+
 dns_zone_rpz_enable_db(zone, db);
 dns_zone_catz_enable_db(zone, db);
@@ -15805,6 +15831,15 @@ zone_loaddone(void *arg, isc_result_t result) {
 ENTER;
+ /*
+ * If zone loading failed, remove the update db callbacks prior
+ * to calling the list of callbacks in the zone load structure.
+ */
+ if (result != ISC_R_SUCCESS) {
+ dns_zone_rpz_disable_db(zone, load->db);
+ dns_zone_catz_disable_db(zone, load->db);
+ }
+
 tresult = dns_db_endload(load->db, &load->callbacks);
 if (tresult != ISC_R_SUCCESS &&
 (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE))
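Review bot: The new guard `if (result != ISC_R_SUCCESS)` in zone_loaddone also fires for DNS_R_SEENINCLUDE, which the dns_db_endload check directly below treats as a successful load. A response-policy or catalog zone whose master file uses $INCLUDE would then have its db update callbacks removed although it loaded correctly, so later changes would presumably never reach the RPZ/catz processing and the policy would go stale with no error reported. Consider `if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {` and extending the comment above it to say which result codes count as a failed load. zone_loaddone starts and ends outside this hunk, so confirm that nothing earlier in the function already normalizes the result.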