From dbd15f962e1228b0f2913b473f95c7680a92b502 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Thu, 12 Jan 2023 20:09:51 +0200 Subject: [PATCH] XoT: properly handle the case when checking for ALPN failed During XoT it is important to check for "dot" ALPN tag to be negotiated (according to the RFC 9103). We were doing that, however, the situation was not handled properly, leading to non-cancelled zone transfers that would crash (abort()) BIND on shutdown. In this particular case 'result' might equal 'ISC_R_SUCCESS'. When this is the case, the part of the code supposed to handle failures will not cancel the zone transfer. This situation cannot happen when BIND is a secondary of other BIND instance. Only primaries following the RFC not closely enough could trigger such a behaviour. (cherry picked from commit 34a1aab1cb1231ff0348b0501b1277bddd804700) --- lib/dns/xfrin.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index b35a3f53d3..a8d6833236 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -1234,6 +1234,8 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { CHECK(result); if (!isc_nm_xfr_allowed(handle)) { + /* set the error code so that XFER will fail */ + result = ISC_R_NOPERM; goto failure; }
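Review bot: the new comment in the `if (!isc_nm_xfr_allowed(handle))` branch of xfrin_connect_done() says only "set the error code so that XFER will fail" and does not record why the assignment is needed. `CHECK(result)` has just passed, so `result` is still `ISC_R_SUCCESS` when this branch jumps to `failure`, and per the commit message the failure handling does not cancel the transfer in that case. Suggest a comment that states this, for example: "ALPN 'dot' was not negotiated (RFC 9103); result is still ISC_R_SUCCESS here, so set an error or the failure path will not cancel the transfer". Two further points. `ISC_R_NOPERM` is a generic permission error, so if the failure path logs the result, an operator cannot tell that the cause was an ALPN mismatch with the primary; a dedicated log line in this branch would help. The diffstat shows only lib/dns/xfrin.c changing, so a regression test with a primary that does not negotiate "dot" would guard this path, and it is worth checking whether any other `goto failure` in this function can be reached with a success result.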