From cc4cb67149d6684d64273df74c069dbacacfdae2 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 3 Jan 2023 13:21:34 +0000
Subject: [PATCH 1/4] Fix a shutdown bug in update_rpz_cb()
When shutting down, the cleanup path should not try to destroy 'newnodes', because it is NULL at that point. Introduce another label for the "shuttingdown" scenario.
(cherry picked from commit 975d16230b5831532ec66769b60657c86882a244)
---
 lib/dns/rpz.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 4cacb4f8aa..eb19c4d7af 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -1918,7 +1918,7 @@ update_rpz_cb(void *data) {
 result = dns__rpz_shuttingdown(rpz->rpzs);
 if (result != ISC_R_SUCCESS) {
- goto cleanup;
+ goto shuttingdown;
 }
 isc_ht_init(&newnodes, rpz->rpzs->mctx, 1, ISC_HT_CASE_SENSITIVE);
@@ -1939,6 +1939,7 @@ update_rpz_cb(void *data) {
 cleanup:
 isc_ht_destroy(&newnodes);
+shuttingdown:
 rpz->updateresult = result;
 }
From c72b19b5e81c44f1badc1992fc2632c035b97e7c Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 3 Jan 2023 13:24:38 +0000
Subject: [PATCH 2/4] Fix a shutdown and error path bugs in rpz.c:update_nodes()
When shutting down, or when dns_dbiterator_current() fails, 'node' shouldn't be detached, because it is NULL at that point.
(cherry picked from commit d36728e42f8d099df0dc1d6d8a318ca57f6e57d3)
---
 lib/dns/rpz.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index eb19c4d7af..5792320d1f 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -1744,7 +1744,6 @@ update_nodes(dns_rpz_zone_t *rpz, isc_ht_t *newnodes) {
 result = dns__rpz_shuttingdown(rpz->rpzs);
 if (result != ISC_R_SUCCESS) {
- dns_db_detachnode(rpz->updb, &node);
 goto cleanup;
 }
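Review bot: The new `shuttingdown:` label in update_rpz_cb() (second hunk of PATCH 1/4, reached from the `goto shuttingdown;` in the first hunk) carries no comment saying why it sits below `cleanup:`, and that ordering is the only thing keeping isc_ht_destroy() away from a NULL 'newnodes'. I would add `/* Reached before isc_ht_init(): 'newnodes' is still NULL, so isc_ht_destroy() must be skipped. */` directly above the label, so a later edit does not merge the two labels or add table cleanup beneath it. Destroying a NULL table presumably trips an assertion and aborts the server during shutdown, which is why the invariant is worth stating in the code. The declaration of 'newnodes' and the start of the function are outside both hunks.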
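Review bot: In update_nodes() (PATCH 2/4, the hunk at -1744 above and the hunk at -1754 that follows), both `goto cleanup;` paths now depend on 'node' being NULL, but nothing in the visible lines enforces or documents that. The declaration and any per-iteration reset of 'node' are outside the hunks, so if a later change leaves 'node' attached when these paths run, they would leak a node reference rather than fail loudly. Consider `INSIST(node == NULL);` before each `goto cleanup;`, or at least a comment such as `/* 'node' is not attached yet on this path */`.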
@@ -1754,7 +1753,6 @@ update_nodes(dns_rpz_zone_t *rpz, isc_ht_t *newnodes) {
 DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, "rpz: %s: failed to get dbiterator - %s", domain, isc_result_totext(result));
- dns_db_detachnode(rpz->updb, &node);
 goto cleanup;
 }
From c3a4e142434afa732d40b8bcdb316fa6af31eaad Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 3 Jan 2023 13:34:58 +0000
Subject: [PATCH 3/4] Fix an error path bug in rpz.c:update_nodes()
When dns_db_createiterator() fails, 'updbit' should not be destroyed for obvious reasons, i.e. it is NULL.
(cherry picked from commit ef4f15d2d1f2b97c1443c3dc0422765bdc06ef9e)
---
 lib/dns/rpz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 5792320d1f..dbdf6a05fc 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -1725,7 +1725,7 @@ update_nodes(dns_rpz_zone_t *rpz, isc_ht_t *newnodes) {
 DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, "rpz: %s: failed to create DB iterator - %s", domain, isc_result_totext(result));
- goto cleanup;
+ return (result);
 }
 result = dns_dbiterator_first(updbit);
From b236577ccf457566affbaff278abc647d5666e15 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 3 Jan 2023 13:27:00 +0000
Subject: [PATCH 4/4] Add a CHANGES note for [GL #3735]
(cherry picked from commit 2824422e783da56a548254ed656792f67e95376c)
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGES b/CHANGES
index f5deb72378..7c93df7dbf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -59,6 +59,9 @@ not negotiate "dot" ALPN token could crash BIND on shutdown. That has been fixed. [GL #3767]
+6057. [bug] Fix shutdown and error path bugs in the rpz unit.
+ [GL #3735]
+
 5850. [func] Run the RPZ update process on the offload threads. [GL #3190]
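Review bot: The `return (result);` that replaces `goto cleanup;` in update_nodes() (PATCH 3/4, hunk at -1725) bypasses the function's common exit path, whereas PATCH 1/4 handled the same kind of problem in update_rpz_cb() with an extra label. The early return is correct only while nothing acquired earlier in the function needs releasing at `cleanup:`. The start of the function and the cleanup block are outside the hunk, so that cannot be confirmed from here. A comment above the return, such as `/* 'updbit' was not created, so there is nothing to clean up yet */`, would record the assumption for whoever next adds a resource before this call.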