3186. [bug] Version/db mis-match in rpz code. [RT #26180]

2026-06-11 16:19:59 -04:00 · 2011-10-28 11:46:50 +00:00 · 2011-10-28 11:46:50 +00:00 · 7b4b6f361b
commit 7b4b6f361b
parent 99d376d65a
7 changed files with 53 additions and 13 deletions
--- a/2
+++ b/2
@ -1,3 +1,5 @@
+3186.	[bug]		Version/db mis-match in rpz code. [RT #26180]
+
 3185.	[func]		New 'rndc signing' option for auto-dnssec zones:
 			 - 'rndc signing -list' displays the current
 			   state of signing operations
--- a/bin/named/query.c
+++ b/bin/named/query.c
@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: query.c,v 1.376 2011/10/20 21:42:11 marka Exp $ */
+/* $Id: query.c,v 1.377 2011/10/28 11:46:49 marka Exp $ */

 /*! \file */

@ -3828,6 +3828,7 @@ rpz_st_clear(ns_client_t *client) {
 	dns_rpz_st_t *st = client->query.rpz_st;

 	rpz_clean(&st->m.zone, &st->m.db, &st->m.node, NULL);
+	st->m.version = NULL;
 	if (st->m.rdataset != NULL)
 		query_putrdataset(client, &st->m.rdataset);

@ -4121,10 +4122,10 @@ rpz_rewrite_rrsets(ns_client_t *client, dns_rpz_type_t rpz_type,
 static isc_result_t
 rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 	 dns_name_t *sname, dns_rpz_type_t rpz_type, dns_zone_t **zonep,
-	 dns_db_t **dbp, dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp,
+	 dns_db_t **dbp, dns_dbversion_t **versionp,
+	 dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp,
 	 dns_rpz_policy_t *policyp)
 {
-	dns_dbversion_t *version;
 	dns_rpz_policy_t policy;
 	dns_fixedname_t fixed;
 	dns_name_t *found;
@ -4145,8 +4146,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 	 * Try to get either a CNAME or the type of record demanded by the
 	 * request from the policy zone.
 	 */
-	version = NULL;
-	result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version);
+	*versionp = NULL;
+	result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, versionp);
 	if (result != ISC_R_SUCCESS) {
 		*policyp = DNS_RPZ_POLICY_MISS;
 		return (DNS_R_NXDOMAIN);
@ -4154,14 +4155,14 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,

 	dns_fixedname_init(&fixed);
 	found = dns_fixedname_name(&fixed);
-	result = dns_db_findext(*dbp, qnamef, version, dns_rdatatype_any, 0,
+	result = dns_db_findext(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
 				client->now, nodep, found, &cm, &ci,
 				*rdatasetp, NULL);
 	if (result == ISC_R_SUCCESS) {
 		dns_rdatasetiter_t *rdsiter;

 		rdsiter = NULL;
-		result = dns_db_allrdatasets(*dbp, *nodep, version, 0,
+		result = dns_db_allrdatasets(*dbp, *nodep, *versionp, 0,
 					     &rdsiter);
 		if (result != ISC_R_SUCCESS) {
 			dns_db_detachnode(*dbp, nodep);
@ -4200,7 +4201,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
 			    qtype == dns_rdatatype_sig)
 				result = DNS_R_NXRRSET;
 			else
-				result = dns_db_findext(*dbp, qnamef, version,
+				result = dns_db_findext(*dbp, qnamef, *versionp,
 							qtype, 0, client->now,
 							nodep, found, &cm, &ci,
 							*rdatasetp, NULL);
@ -4268,6 +4269,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 	dns_name_t *prefix, *suffix, *rpz_qname;
 	dns_zone_t *zone;
 	dns_db_t *db;
+	dns_dbversion_t *version;
 	dns_dbnode_t *node;
 	dns_rpz_policy_t policy;
 	unsigned int labels;
@ -4329,7 +4331,8 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 		 * See if the policy record exists.
 		 */
 		result = rpz_find(client, qtype, rpz_qname, qname, rpz_type,
-				  &zone, &db, &node, rdatasetp, &policy);
+				  &zone, &db, &version, &node, rdatasetp,
+				  &policy);
 		switch (result) {
 		case DNS_R_NXDOMAIN:
 		case DNS_R_EMPTYNAME:
@ -4388,6 +4391,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 			node = NULL;
 			st->m.db = db;
 			db = NULL;
+			st->m.version = version;
 			st->m.zone = zone;
 			zone = NULL;
 		}
@ -5700,6 +5704,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			rpz_st->m.node = NULL;
 			db = rpz_st->m.db;
 			rpz_st->m.db = NULL;
+			version = rpz_st->m.version;
+			rpz_st->m.version = NULL;
 			zone = rpz_st->m.zone;
 			rpz_st->m.zone = NULL;

--- a/bin/tests/system/rpz/ns3/crash2
+++ b/bin/tests/system/rpz/ns3/crash2
@ -0,0 +1,25 @@
+; Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: crash2,v 1.2 2011/10/28 11:46:50 marka Exp $
+
+; a valid zone containing records that caused crashes
+
+$TTL	120
+@	SOA	crash2.tld3. hostmaster.ns.tld3. ( 1 3600 1200 604800 60 )
+	NS	ns
+ns	A	10.53.0.3
+
+; #18 in test1, crashed new ASSERT() in rbtdb.c
+c1	A	172.16.1.1
--- a/bin/tests/system/rpz/ns3/named.conf
+++ b/bin/tests/system/rpz/ns3/named.conf
@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: named.conf,v 1.4 2011/10/13 01:32:33 vjs Exp $ */
+/* $Id: named.conf,v 1.5 2011/10/28 11:46:50 marka Exp $ */


 options {
@ -89,3 +89,4 @@ zone "bl-garden."	{type master; file "bl-garden.db";
 				allow-update {any;};};

 zone "crash1.tld2"	{type master; file "crash1";};
+zone "crash2.tld3."	{type master; file "crash2";};
--- a/bin/tests/system/rpz/test1
+++ b/bin/tests/system/rpz/test1
@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.

-; $Id: test1,v 1.6 2011/10/13 01:32:32 vjs Exp $
+; $Id: test1,v 1.7 2011/10/28 11:46:49 marka Exp $


 ; Use comment lines instead of blank lines to combine update requests into
@ -72,4 +72,8 @@ update add  a4-5.tld2.bl.	300 A	127.0.0.16
 ;	17
 update add  a4-6.tld2.bl.	300 CNAME .
 update add  a4-6-cname.tld2.bl.	300 A	127.0.0.17
+
+;	18
+update	add c1.crash2.tld3.bl.	300 CNAME .
+
 send
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.8 2011/10/13 13:03:51 marka Exp $
+# $Id: tests.sh,v 1.9 2011/10/28 11:46:50 marka Exp $

 # test response policy zones (RPZ)

@ -214,6 +214,7 @@ addr 56.56.56.56  a3-6.tld2		# 14 wildcard CNAME
 addr 57.57.57.57  a3-7.sub1.tld2	# 15 wildcard CNAME
 addr 127.0.0.16	  a4-5-cname3.tld2	# 16 CNAME chain
 addr 127.0.0.17	  a4-6-cname3.tld2	# 17 stop short in CNAME chain
+nxdomain c1.crash2.tld3			# 18 assert in rbtdb.c
 end_group

 start_group "IP rewrites" test2
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: rpz.h,v 1.4 2011/10/13 01:32:34 vjs Exp $ */
+/* $Id: rpz.h,v 1.5 2011/10/28 11:46:50 marka Exp $ */

 #ifndef DNS_RPZ_H
 #define DNS_RPZ_H 1
@ -105,6 +105,7 @@ typedef struct {
 		isc_result_t		result;
 		dns_zone_t		*zone;
 		dns_db_t		*db;
+		dns_dbversion_t		*version;
 		dns_dbnode_t		*node;
 		dns_rdataset_t		*rdataset;
 	} m;