upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-25 19:02:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix dropped covers field for SIG records in dns_diff_apply

Browse source 
rdata_covers() in lib/dns/diff.c discriminated only on
dns_rdatatype_rrsig (46) and returned 0 for the legacy SIG (24), so
the covered-type field was silently discarded on the dynamic-update
and IXFR paths.  Every SIG rdataset was then filed in the zone DB
under typepair (SIG, 0) instead of (SIG, covered_type); a second SIG
add with a different covers but a different TTL collided at that
bucket, tripped DNS_DBADD_EXACTTTL in qpzone, returned
DNS_R_NOTEXACT, and came back to the client as SERVFAIL.

Use dns_rdatatype_issig() here so both SIG and RRSIG carry their
covers through the diff, matching the helper pattern already used in
lib/dns/master.c, lib/ns/xfrout.c, lib/dns/qpcache.c, and the
dns__db_findrdataset() REQUIRE that the surrounding merge request
just relaxed.

(cherry picked from commit 0a5ba57116)
This commit is contained in:
Ondřej Surý 2026-04-16 11:21:48 +02:00 committed by Ondřej Surý
parent 88a87068fa
commit b575dbfd9e
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/dns/diff.c
View file

@ -40,7 +40,13 @@
static dns_rdatatype_t
rdata_covers(dns_rdata_t *rdata) {
return rdata->type == dns_rdatatype_rrsig ? dns_rdata_covers(rdata) : 0;
if (rdata->type == dns_rdatatype_rrsig ||
rdata->type == dns_rdatatype_sig)
{
return dns_rdata_covers(rdata);
}
return 0;
}
isc_result_t