[9.18] fix: usr: Fix a bug in allow-query/allow-transfer catalog zone custom properties

The :iscman:`named` process could terminate unexpectedly when processing a catalog zone with an invalid ``allow-query`` or ``allow-transfer`` custom property (i.e. having a non-APL type) coexisting with the valid property. This has been fixed. Closes #5941 Backport of MR !11954 Merge branch 'backport-5941-catz-catz_process_apl-bug-fix-9.18' into 'bind-9.18' See merge request isc-projects/bind9!11976
2026-06-10 10:00:00 -04:00 · 2026-05-06 21:10:08 +00:00 · 2026-05-06 21:10:08 +00:00 · 9e5a52e6fa
commit 9e5a52e6fa
parent 0b5874d3e1 084a0f47a7
5 changed files with 81 additions and 10 deletions
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@ -127,6 +127,16 @@ view "default" {
 		also-notify { 10.53.0.4; };
 		notify explicit;
 	};
+
+        # A catalog zone to test specific issues
+        zone "catalog-misc.example" {
+                type primary;
+                file "catalog-misc.example.db";
+                allow-transfer { any; };
+                allow-update { any; };
+                also-notify { 10.53.0.4; };
+                notify explicit;
+        };
 };

 view "ch" ch {
--- a/bin/tests/system/catz/ns4/named.conf.in
+++ b/bin/tests/system/catz/ns4/named.conf.in
@ -34,6 +34,9 @@ options {
 	dnssec-validation no;

 	catalog-zones {
+                zone "catalog-misc.example"
+                        min-update-interval 1s
+                        default-primaries { 10.53.0.1; };
 		zone "catalog-tls.example"
 			min-update-interval 1s
 			default-primaries { 10.53.0.1 key tsig_key tls ephemeral; };
@ -49,6 +52,12 @@ zone "catalog-tls.example" {
 	primaries { 10.53.0.1 key tsig_key tls ephemeral; };
 };

+zone "catalog-misc.example" {
+        type secondary;
+        file "catalog-misc.example.db";
+        primaries { 10.53.0.1; };
+};
+
 zone "catalog-self.example" {
 	type primary;
 	file "catalog-self.example.db";
--- a/bin/tests/system/catz/setup.sh
+++ b/bin/tests/system/catz/setup.sh
@ -22,6 +22,7 @@ cp -f ns1/catalog.example.db.in ns1/catalog1.example.db
 cp -f ns3/catalog.example.db.in ns3/catalog2.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog3.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog4.example.db
+cp -f ns1/catalog.example.db.in ns1/catalog-misc.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog-tls.example.db
 cp -f ns4/catalog.example.db.in ns4/catalog-self.example.db

--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@ -2654,6 +2654,56 @@ wait_for_soa @10.53.0.4 tls1.example. dig.out.test$n || ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

+##########################################################################
+# GL #5941
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Add a normal and a spurious allow-transfer RRs to catalog-misc zone using nsupdate ($n)"
+ret=0
+# It is important to include an RRtype with a numeric representation that is
+# less than APL. E.g., AFSDB is 18 which is less than APL's 42. Also including
+# the AMTRELAY RRtype (260) which is bigger than APL, just for completeness.
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+    server 10.53.0.1 ${PORT}
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN AFSDB 0 hostname
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN APL 1:10.53.0.0/24
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN AMTRELAY 0 0 0 .
+    send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Deleting the allow-query RRs from catalog-misc zone ($n)"
+ret=0
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+    server 10.53.0.1 ${PORT}
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN AFSDB 0 hostname
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN APL 1:10.53.0.0/24
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN AMTRELAY 0 0 0 .
+    send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 ##########################################################################
 # GL #3777
 nextpart ns4/named.run >/dev/null
--- a/lib/dns/catz.c
+++ b/lib/dns/catz.c
@ -1571,6 +1571,17 @@ catz_process_primaries(dns_catz_zone_t *catz, dns_ipkeylist_t *ipkl,
 static isc_result_t
 catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp,
 		 dns_rdataset_t *value) {
+	REQUIRE(DNS_RDATASET_VALID(value));
+	REQUIRE(dns_rdataset_isassociated(value));
+
+	if (value->type != dns_rdatatype_apl) {
+		return ISC_R_FAILURE;
+	}
+
+	REQUIRE(DNS_CATZ_ZONE_VALID(catz));
+	REQUIRE(aclbp != NULL);
+	REQUIRE(*aclbp == NULL);
+
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdata_t rdata;
 	dns_rdata_in_apl_t rdata_apl;
@ -1579,16 +1590,6 @@ catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp,
 	isc_buffer_t *aclb = NULL;
 	unsigned char buf[256]; /* larger than INET6_ADDRSTRLEN */

-	REQUIRE(DNS_CATZ_ZONE_VALID(catz));
-	REQUIRE(aclbp != NULL);
-	REQUIRE(*aclbp == NULL);
-	REQUIRE(DNS_RDATASET_VALID(value));
-	REQUIRE(dns_rdataset_isassociated(value));
-
-	if (value->type != dns_rdatatype_apl) {
-		return ISC_R_FAILURE;
-	}
-
 	if (dns_rdataset_count(value) > 1) {
 		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
 			      DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,