diff --git a/CHANGES b/CHANGES index 423f11e413..a8df64d59e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ +4126. [bug] Addressed a regression introduced in change #4121. + [RT #39611] + 4125. [test] Added tests for dig, renamed delv test to digdelv. [RT #39490] + 4124. [func] Log errors or warnings encountered when parsing the internal default configuration. Clarify the logging of errors and warnings encountered in rndc diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 701964dd94..88ed663924 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1607,7 +1607,6 @@ add_question(dns_message_t *message, dns_name_t *name, rdataset = NULL; result = dns_message_gettemprdataset(message, &rdataset); check_result(result, "dns_message_gettemprdataset()"); - dns_rdataset_init(rdataset); dns_rdataset_makequestion(rdataset, rdclass, rdtype); ISC_LIST_APPEND(name->list, rdataset, link); } @@ -2164,7 +2163,6 @@ insert_soa(dig_lookup_t *lookup) { rdatalist->rdclass = lookup->rdclass; ISC_LIST_APPEND(rdatalist->rdata, rdata, link); - dns_rdataset_init(rdataset); dns_rdatalist_tordataset(rdatalist, rdataset); result = dns_message_gettempname(lookup->sendmsg, &soaname); diff --git a/bin/named/query.c b/bin/named/query.c index fa03a16a29..b23d7521d8 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -595,7 +595,6 @@ query_newrdataset(ns_client_t *client) { "dns_message_gettemprdataset failed: done"); return (NULL); } - dns_rdataset_init(rdataset); CTRACE(ISC_LOG_DEBUG(3), "query_newrdataset: done"); return (rdataset); @@ -2347,7 +2346,6 @@ query_dns64(ns_client_t *client, dns_name_t **namep, dns_rdataset_t *rdataset, if (result != ISC_R_SUCCESS) goto cleanup; - dns_rdataset_init(dns64_rdataset); dns_rdatalist_init(dns64_rdatalist); dns64_rdatalist->rdclass = dns_rdataclass_in; dns64_rdatalist->type = dns_rdatatype_aaaa; @@ -2511,7 +2509,6 @@ query_filter64(ns_client_t *client, dns_name_t **namep, if (result != ISC_R_SUCCESS) goto cleanup; - dns_rdataset_init(myrdataset); dns_rdatalist_init(myrdatalist); myrdatalist->rdclass = dns_rdataclass_in; myrdatalist->type = dns_rdatatype_aaaa; @@ -2939,7 +2936,6 @@ query_add_cname(ns_client_t *client, dns_name_t *qname, dns_name_t *tname, dns_message_puttemprdata(client->message, &rdata); return (result); } - dns_rdataset_init(rdataset); rdatalist->type = dns_rdatatype_cname; rdatalist->rdclass = client->message->rdclass; rdatalist->ttl = ttl; @@ -4648,8 +4644,14 @@ rpz_rewrite_ip(ns_client_t *client, const isc_netaddr_t *netaddr, * In case num_zones has changed since zbits was * originally calculated */ - if (rpz_num >= rpzs->p.num_zones) - break; + if (rpz_num >= rpzs->p.num_zones) { + CTRACE(ISC_LOG_ERROR, + "rpz_rewrite_ip: rpz_num is higher than " + "number of zones"); + rpz_clean(&p_zone, &p_db, &p_node, p_rdatasetp); + st->m.policy = DNS_RPZ_POLICY_ERROR; + return (DNS_R_SERVFAIL); + } /* * Do not try applying policy zones that cannot replace a @@ -4975,8 +4977,14 @@ rpz_rewrite_name(ns_client_t *client, dns_name_t *trig_name, * In case num_zones has changed since the 'have' * originally calculated */ - if (rpz_num >= rpzs->p.num_zones) - break; + if (rpz_num >= rpzs->p.num_zones) { + CTRACE(ISC_LOG_ERROR, + "rpz_rewrite_name: rpz_num is higher than " + "number of zones"); + rpz_clean(&p_zone, &p_db, &p_node, rdatasetp); + st->m.policy = DNS_RPZ_POLICY_ERROR; + return (DNS_R_SERVFAIL); + } /* * Do not check policy zones that cannot replace a previously @@ -5147,7 +5155,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, LOCK(&rpzs->maint_lock); if (rpzs->p.num_zones == 0 || (!RECURSIONOK(client) && rpzs->p.no_rd_ok == 0) || - !rpz_ck_dnssec(client, result, ordataset, osigset)) + !rpz_ck_dnssec(client, qresult, ordataset, osigset)) { UNLOCK(&rpzs->maint_lock); return (DNS_R_DISALLOWED); @@ -5166,7 +5174,6 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, st->m.type = DNS_RPZ_TYPE_BAD; st->m.policy = DNS_RPZ_POLICY_MISS; st->m.ttl = ~0; - st->m.prefix = 0; memset(&st->r, 0, sizeof(st->r)); memset(&st->q, 0, sizeof(st->q)); dns_fixedname_init(&st->_p_namef); @@ -6502,15 +6509,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) { CTRACE(ISC_LOG_DEBUG(3), "resume from RPZ recursion"); - /* - * Has response policy changed out from under us? - */ - if (rpz_st->rpz_ver != client->view->rpzs->rpz_ver) { - CTRACE(ISC_LOG_ERROR, - "query_find: RPZ settings out of date"); - QUERY_ERROR(DNS_R_SERVFAIL); - goto cleanup; - } is_zone = rpz_st->q.is_zone; authoritative = rpz_st->q.authoritative; zone = rpz_st->q.zone; @@ -6585,6 +6583,20 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns64_exclude = ISC_TRUE; } + if (rpz_st != NULL && + (rpz_st->state & DNS_RPZ_RECURSING) != 0) + { + /* + * Has response policy changed out from under us? + */ + if (rpz_st->rpz_ver != client->view->rpzs->rpz_ver) { + CTRACE(ISC_LOG_ERROR, + "query_find: RPZ settings out of date"); + QUERY_ERROR(DNS_R_SERVFAIL); + goto cleanup; + } + } + /* * We'll need some resources... */ diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index ad1204beff..2fa495dad3 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -1351,7 +1351,6 @@ sendstream(xfrout_ctx_t *xfr) { result = dns_message_gettemprdataset(msg, &qrdataset); if (result != ISC_R_SUCCESS) goto failure; - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, xfr->client->message->rdclass, xfr->qtype); @@ -1466,7 +1465,6 @@ sendstream(xfrout_ctx_t *xfr) { result = dns_message_gettemprdataset(msg, &msgrds); if (result != ISC_R_SUCCESS) goto failure; - dns_rdataset_init(msgrds); result = dns_rdatalist_tordataset(msgrdl, msgrds); INSIST(result == ISC_R_SUCCESS); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 867deabd2c..eca42b4f8b 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1372,7 +1372,6 @@ make_prereq(char *cmdline, isc_boolean_t ispositive, isc_boolean_t isrrset) { rdata->rdclass = rdatalist->rdclass; rdata->type = rdatatype; ISC_LIST_APPEND(rdatalist->rdata, rdata, link); - dns_rdataset_init(rdataset); dns_rdatalist_tordataset(rdatalist, rdataset); ISC_LIST_INIT(name->list); ISC_LIST_APPEND(name->list, rdataset, link); @@ -1895,7 +1894,6 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) { rdatalist->covers = rdatatype; rdatalist->ttl = (dns_ttl_t)ttl; ISC_LIST_APPEND(rdatalist->rdata, rdata, link); - dns_rdataset_init(rdataset); dns_rdatalist_tordataset(rdatalist, rdataset); ISC_LIST_INIT(name->list); ISC_LIST_APPEND(name->list, rdataset, link); diff --git a/bin/tests/dst/gsstest.c b/bin/tests/dst/gsstest.c index e57a8b58ff..e64d80d1e4 100644 --- a/bin/tests/dst/gsstest.c +++ b/bin/tests/dst/gsstest.c @@ -236,7 +236,6 @@ sendquery(isc_task_t *task, isc_event_t *event) dns_name_init(qname, NULL); dns_name_clone(dns_fixedname_name(&queryname), qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, dns_rdataclass_in, dns_rdatatype_a); ISC_LIST_APPEND(qname->list, qrdataset, link); diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c index d07aecb1bf..edbc14f369 100644 --- a/bin/tests/sig0_test.c +++ b/bin/tests/sig0_test.c @@ -149,7 +149,6 @@ buildquery(void) { result = dns_message_gettemprdataset(query, &question); CHECK("dns_message_gettemprdataset", result); - dns_rdataset_init(question); dns_rdataset_makequestion(question, dns_rdataclass_in, dns_rdatatype_a); result = dns_message_gettempname(query, &qname); diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c index 022e87b4ca..5a67d6e216 100644 --- a/bin/tests/system/pipelined/pipequeries.c +++ b/bin/tests/system/pipelined/pipequeries.c @@ -171,7 +171,6 @@ sendquery(isc_task_t *task) { dns_name_init(qname, NULL); dns_name_clone(dns_fixedname_name(&queryname), qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, dns_rdataclass_in, dns_rdatatype_a); ISC_LIST_APPEND(qname->list, qrdataset, link); diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c index 9d96e83f2e..2df6c2aaab 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c @@ -562,7 +562,6 @@ sendquery(struct query *query, isc_task_t *task) dns_name_init(qname, NULL); dns_name_clone(dns_fixedname_name(&queryname), qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, query->rdclass, query->rdtype); ISC_LIST_APPEND(qname->list, qrdataset, link); diff --git a/lib/dns/acache.c b/lib/dns/acache.c index d3d28f8561..685a044e00 100644 --- a/lib/dns/acache.c +++ b/lib/dns/acache.c @@ -1505,7 +1505,6 @@ dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep, * trick to get the latest counter from the original * header. */ - dns_rdataset_init(ardataset); dns_rdataset_clone(erdataset, ardataset); ISC_LIST_APPEND(fname->list, ardataset, link); } diff --git a/lib/dns/client.c b/lib/dns/client.c index 82fe2b7945..8a29d9f893 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -2635,7 +2635,6 @@ copy_name(isc_mem_t *mctx, dns_message_t *msg, dns_name_t *name, result = dns_message_gettemprdataset(msg, &newrdataset); if (result != ISC_R_SUCCESS) goto fail; - dns_rdataset_init(newrdataset); dns_rdatalist_tordataset(rdatalist, newrdataset); ISC_LIST_APPEND(newname->list, newrdataset, link); diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 7cfa82d22f..dd97d5c208 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -955,7 +955,6 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { ISC_LIST_APPEND(datalist->rdata, rdata, link); dataset = NULL; RETERR(dns_message_gettemprdataset(msg, &dataset)); - dns_rdataset_init(dataset); RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS); msg->sig0 = dataset; diff --git a/lib/dns/include/dns/rpz.h b/lib/dns/include/dns/rpz.h index 14a0737294..6205b85296 100644 --- a/lib/dns/include/dns/rpz.h +++ b/lib/dns/include/dns/rpz.h @@ -104,7 +104,7 @@ typedef isc_uint32_t dns_rpz_zbits_t; /* * The trigger counter type. */ -typedef ssize_t dns_rpz_trigger_counter_t; +typedef size_t dns_rpz_trigger_counter_t; /* * The number of triggers of each type in a response policy zone. diff --git a/lib/dns/message.c b/lib/dns/message.c index ef755b1322..6ff8d75828 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -3676,7 +3676,6 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp, result = dns_message_gettemprdataset(message, &rdataset); if (result != ISC_R_SUCCESS) goto cleanup; - dns_rdataset_init(rdataset); rdatalist->type = dns_rdatatype_opt; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 821d53dd71..48a7aa85ac 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1988,7 +1988,6 @@ resquery_send(resquery_t *query) { */ dns_name_init(qname, NULL); dns_name_clone(&fctx->name, qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, res->rdclass, fctx->type); ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(fctx->qmessage, qname, DNS_SECTION_QUESTION); diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c index e622a0fb19..b65d683316 100644 --- a/lib/dns/rpz.c +++ b/lib/dns/rpz.c @@ -604,7 +604,7 @@ adj_trigger_cnt(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num, fix_qname_skip_recurse(rpzs); } } else { - REQUIRE(*cnt > 0); + REQUIRE(*cnt != 0); if (--*cnt == 0) { *have &= ~DNS_RPZ_ZBIT(rpz_num); fix_qname_skip_recurse(rpzs); @@ -1656,15 +1656,19 @@ fix_triggers(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_RPZ, DNS_LOGMODULE_RBTDB, DNS_RPZ_INFO_LEVEL, "(re)loading policy zone '%s' changed from" - " %zd to %zd qname, %zd to %zd nsdname," - " %zd to %zd IP, %zd to %zd NSIP entries", + " %lu to %lu qname, %lu to %lu nsdname," + " %lu to %lu IP, %lu to %lu NSIP entries", namebuf, - old_totals.qname, rpzs->total_triggers.qname, - old_totals.nsdname, rpzs->total_triggers.nsdname, - old_totals.ipv4 + old_totals.ipv6, - rpzs->total_triggers.ipv4 + rpzs->total_triggers.ipv6, - old_totals.nsipv4 + old_totals.nsipv6, - rpzs->total_triggers.nsipv4 + rpzs->total_triggers.nsipv6); + (unsigned long) old_totals.qname, + (unsigned long) rpzs->total_triggers.qname, + (unsigned long) old_totals.nsdname, + (unsigned long) rpzs->total_triggers.nsdname, + (unsigned long) old_totals.ipv4 + old_totals.ipv6, + (unsigned long) (rpzs->total_triggers.ipv4 + + rpzs->total_triggers.ipv6), + (unsigned long) old_totals.nsipv4 + old_totals.nsipv6, + (unsigned long) (rpzs->total_triggers.nsipv4 + + rpzs->total_triggers.nsipv6)); } /* diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index cad8d89a73..66210d50f9 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -174,7 +174,6 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, ISC_LIST_APPEND(newlist->rdata, newrdata, link); RETERR(dns_message_gettemprdataset(msg, &newset)); - dns_rdataset_init(newset); RETERR(dns_rdatalist_tordataset(newlist, newset)); ISC_LIST_INIT(newname->list); @@ -875,7 +874,6 @@ buildquery(dns_message_t *msg, dns_name_t *name, RETERR(dns_message_gettempname(msg, &aname)); RETERR(dns_message_gettemprdataset(msg, &question)); - dns_rdataset_init(question); dns_rdataset_makequestion(question, dns_rdataclass_any, dns_rdatatype_tkey); @@ -894,7 +892,6 @@ buildquery(dns_message_t *msg, dns_name_t *name, ISC_LIST_APPEND(tkeylist->rdata, rdata, link); RETERR(dns_message_gettemprdataset(msg, &tkeyset)); - dns_rdataset_init(tkeyset); RETERR(dns_rdatalist_tordataset(tkeylist, tkeyset)); dns_name_init(qname, NULL); diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index f40ec22368..af5a3070cc 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -1135,7 +1135,6 @@ dns_tsig_sign(dns_message_t *msg) { datalist->rdclass = dns_rdataclass_any; datalist->type = dns_rdatatype_tsig; ISC_LIST_APPEND(datalist->rdata, rdata, link); - dns_rdataset_init(dataset); RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS); msg->tsig = dataset; diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index f5ec7b1927..30cfdaf1b2 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -1036,7 +1036,6 @@ tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target) ISC_LIST_APPEND(rdl->rdata, rdata, link); CHECK(dns_message_gettemprdataset(msg, &rds)); - dns_rdataset_init(rds); CHECK(dns_rdatalist_tordataset(rdl, rds)); CHECK(dns_message_gettempname(msg, &name)); @@ -1089,7 +1088,6 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { /* Formulate the question and attach it to the question name. */ CHECK(dns_message_gettemprdataset(msg, &qrdataset)); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, xfr->rdclass, xfr->reqtype); ISC_LIST_APPEND(qname->list, qrdataset, link); qrdataset = NULL; diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 07895fe0f6..fb3616780f 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -11671,7 +11671,6 @@ create_query(dns_zone_t *zone, dns_rdatatype_t rdtype, */ dns_name_init(qname, NULL); dns_name_clone(&zone->origin, qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, zone->rdclass, rdtype); ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(message, qname, DNS_SECTION_QUESTION); @@ -12481,7 +12480,6 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, */ dns_name_init(tempname, NULL); dns_name_clone(&zone->origin, tempname); - dns_rdataset_init(temprdataset); dns_rdataset_makequestion(temprdataset, zone->rdclass, dns_rdatatype_soa); ISC_LIST_APPEND(tempname->list, temprdataset, link); @@ -12546,7 +12544,6 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, temprdatalist->ttl = rdataset.ttl; ISC_LIST_APPEND(temprdatalist->rdata, temprdata, link); - dns_rdataset_init(temprdataset); result = dns_rdatalist_tordataset(temprdatalist, temprdataset); if (result != ISC_R_SUCCESS) goto soa_cleanup; diff --git a/lib/samples/nsprobe.c b/lib/samples/nsprobe.c index 0d21661d5e..1c2a94feb7 100644 --- a/lib/samples/nsprobe.c +++ b/lib/samples/nsprobe.c @@ -275,7 +275,6 @@ make_querymessage(dns_message_t *message, dns_name_t *qname0, dns_name_init(qname, NULL); dns_name_clone(qname0, qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, message->rdclass, rdtype); ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(message, qname, DNS_SECTION_QUESTION); diff --git a/lib/samples/sample-request.c b/lib/samples/sample-request.c index 1544a54e61..5cb116fd04 100644 --- a/lib/samples/sample-request.c +++ b/lib/samples/sample-request.c @@ -111,7 +111,6 @@ make_querymessage(dns_message_t *message, const char *namestr, dns_name_init(qname, NULL); dns_name_clone(qname0, qname); - dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, message->rdclass, rdtype); ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(message, qname, DNS_SECTION_QUESTION);