upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-13 03:10:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

4321. [bug] Zones using mapped files containing out-of-zone data

Browse source 
could return SERVFAIL instead of the expected NODATA
                        or NXDOMAIN results. [RT #41596]

(cherry picked from commit f9da4a8e54)
This commit is contained in:
Mark Andrews 2016-02-24 11:13:24 +11:00
parent c2d5cfa264
commit f0eb27c402
9 changed files with 136 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
4321. [bug] Zones using mapped files containing out-of-zone data
could return SERVFAIL instead of the expected NODATA
or NXDOMAIN results. [RT #41596]
4320. [bug] Insufficient memory allocation when handling
"none" ACL could cause an assertion failure in
named when parsing ACL configuration. [RT #41745]

3
bin/tests/system/xfer/clean.sh
View file

@ -36,3 +36,6 @@ rm -f ns7/*.db ns7/*.bk ns7/*.jnl
rm -f */named.memstats
rm -f */named.run
rm -f */ans.run
rm -f ns2/mapped.db
rm -f ns3/mapped.bk
rm -f dig.out.?.*

26
bin/tests/system/xfer/knowngood.mapped Normal file
View file

@ -0,0 +1,26 @@
; <<>> DiG 9.10.2-P3 <<>> -p 5300 axfr mapped @10.53.0.3
;; global options: +cmd
mapped. 3600 IN SOA . . 0 0 0 2147483647 0
example.aa. 3600 IN A 1.2.3.4
example1.aa. 3600 IN A 1.2.3.4
example.bb. 3600 IN A 1.2.3.4
example1.bb. 3600 IN A 1.2.3.4
example.com. 3600 IN A 1.2.3.4
example1.com. 3600 IN A 1.2.3.4
bar.dd. 3600 IN A 1.2.3.4
foo.ee. 3600 IN A 1.2.3.4
foo.ff. 3600 IN A 1.2.3.4
foo.gg. 3600 IN A 1.2.3.4
foo.hh. 3600 IN A 1.2.3.4
foo.ii. 3600 IN A 1.2.3.4
foo.jj. 3600 IN A 1.2.3.4
foo.kk. 3600 IN A 1.2.3.4
foo.ll. 3600 IN A 1.2.3.4
mapped. 3600 IN NS .
mapped. 3600 IN SOA . . 0 0 0 2147483647 0
;; Query time: 4 msec
;; SERVER: 10.53.0.3#5300(10.53.0.3)
;; WHEN: Tue Feb 16 14:38:25 EST 2016
;; XFR size: 18 records (messages 1, bytes 468)

17
bin/tests/system/xfer/ns2/mapped.db.in Normal file
View file

@ -0,0 +1,17 @@
mapped. 3600 IN SOA . . 0 0 0 2147483647 0
example.aa. 3600 IN A 1.2.3.4
example1.aa. 3600 IN A 1.2.3.4
example.bb. 3600 IN A 1.2.3.4
example1.bb. 3600 IN A 1.2.3.4
example.com. 3600 IN A 1.2.3.4
example1.com. 3600 IN A 1.2.3.4
bar.dd. 3600 IN A 1.2.3.4
foo.ee. 3600 IN A 1.2.3.4
foo.ff. 3600 IN A 1.2.3.4
foo.gg. 3600 IN A 1.2.3.4
foo.hh. 3600 IN A 1.2.3.4
foo.ii. 3600 IN A 1.2.3.4
foo.jj. 3600 IN A 1.2.3.4
foo.kk. 3600 IN A 1.2.3.4
foo.ll. 3600 IN A 1.2.3.4
mapped. 3600 IN NS .

7
bin/tests/system/xfer/ns2/named.conf
View file

@ -66,3 +66,10 @@ zone "slave" {
masters { 10.53.0.1; };
masterfile-format text;
};
zone "mapped" {
type slave;
file "mapped.db";
masterfile-format text;
masters { 10.53.0.100; };
};

7
bin/tests/system/xfer/ns3/named.conf
View file

@ -74,4 +74,9 @@ zone "tsigzone" {
allow-transfer { key tsigzone.; };
};
zone "mapped" {
type slave;
masters { 10.53.0.2; };
masterfile-format map;
file "mapped.bk";
};

2
bin/tests/system/xfer/setup.sh
View file

@ -33,3 +33,5 @@ cp -f ns4/named.conf.base ns4/named.conf
cp ns2/slave.db.in ns2/slave.db
touch -t 200101010000 ns2/slave.db
cp ns2/mapped.db.in ns2/mapped.db

23
bin/tests/system/xfer/tests.sh
View file

@ -23,7 +23,9 @@ SYSTEMTESTTOP=..
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
status=0
n=0
n=`expr $n + 1`
echo "I:testing basic zone transfer functionality"
$DIG $DIGOPTS example. \
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
@ -49,6 +51,7 @@ $PERL ../digcomp.pl dig1.good dig.out.ns2 || status=1
$PERL ../digcomp.pl dig1.good dig.out.ns3 || status=1
n=`expr $n + 1`
echo "I:testing TSIG signed zone transfers"
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 axfr -y tsigzone.:1234abcd8765 -p 5300 \
@ -124,6 +127,7 @@ grep "1397051952 ; serial" ns2/slave.db > /dev/null 2>&1 || tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
n=`expr $n + 1`
echo "I:testing ixfr-from-differences yes;"
tmp=0
for i in 0 1 2 3 4 5 6 7 8 9
@ -146,6 +150,7 @@ test -f ns3/example.bk.jnl || tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
n=`expr $n + 1`
echo "I:testing ixfr-from-differences master; (master zone)"
tmp=0
@ -166,6 +171,7 @@ test -f ns3/master.bk.jnl || tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
n=`expr $n + 1`
echo "I:testing ixfr-from-differences master; (slave zone)"
tmp=0
@ -186,6 +192,7 @@ test -f ns6/slave.bk.jnl && tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
n=`expr $n + 1`
echo "I:testing ixfr-from-differences slave; (master zone)"
tmp=0
@ -195,6 +202,8 @@ test -f ns7/master2.db.jnl && tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
n=`expr $n + 1`
echo "I:testing ixfr-from-differences slave; (slave zone)"
tmp=0
@ -368,5 +377,19 @@ $DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && {
status=1
}
n=`expr $n + 1`
echo "I:test mapped zone with out of zone data ($n)"
tmp=0
$DIG -p 5300 txt mapped @10.53.0.3 > dig.out.1.$n
grep "status: NOERROR," dig.out.1.$n > /dev/null || tmp=1
$PERL $SYSTEMTESTTOP/stop.pl . ns3
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns3
$DIG -p 5300 txt mapped @10.53.0.3 > dig.out.2.$n
grep "status: NOERROR," dig.out.2.$n > /dev/null || tmp=1
$DIG -p 5300 axfr mapped @10.53.0.3 > dig.out.3.$n
$PERL ../digcomp.pl knowngood.mapped dig.out.3.$n || tmp=1
if test $tmp != 0 ; then echo "I:failed"; fi
status=`expr $status + $tmp`
echo "I:exit status: $status"
exit $status

78
lib/dns/rbtdb.c
View file

@ -7227,8 +7227,9 @@ deserialize32(void *arg, FILE *f, off_t offset) {
int fd;
off_t filesize = 0;
char *base;
dns_rbt_t *temporary_rbt = NULL;
dns_rbt_t *tree = NULL, *nsec = NULL, *nsec3 = NULL;
int protect, flags;
dns_rbtnode_t *origin_node = NULL;
REQUIRE(VALID_RBTDB(rbtdb));
@ -7253,28 +7254,21 @@ deserialize32(void *arg, FILE *f, off_t offset) {
header = (rbtdb_file_header_t *)(base + offset);
rbtdb->mmap_location = base;
rbtdb->mmap_size = (size_t) filesize;
rbtdb->origin_node = NULL;
if (header->tree != 0) {
result = dns_rbt_deserialize_tree(base, filesize,
(off_t) header->tree,
rbtdb->common.mctx,
delete_callback, rbtdb,
rbt_datafixer, rbtdb,
&rbtdb->origin_node,
&temporary_rbt);
if (temporary_rbt != NULL) {
dns_rbt_destroy(&rbtdb->tree);
rbtdb->tree = temporary_rbt;
temporary_rbt = NULL;
rbtdb->origin_node =
(dns_rbtnode_t *)(header->tree + base + 1024);
}
NULL, &tree);
if (result != ISC_R_SUCCESS)
return (result);
goto cleanup;
result = dns_rbt_findnode(tree, &rbtdb->common.origin, NULL,
&origin_node, NULL,
DNS_RBTFIND_EMPTYDATA, NULL, NULL);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
if (header->nsec != 0) {
@ -7283,14 +7277,9 @@ deserialize32(void *arg, FILE *f, off_t offset) {
rbtdb->common.mctx,
delete_callback, rbtdb,
rbt_datafixer, rbtdb,
NULL, &temporary_rbt);
if (temporary_rbt != NULL) {
dns_rbt_destroy(&rbtdb->nsec);
rbtdb->nsec = temporary_rbt;
temporary_rbt = NULL;
}
NULL, &nsec);
if (result != ISC_R_SUCCESS)
return (result);
goto cleanup;
}
if (header->nsec3 != 0) {
@ -7299,17 +7288,46 @@ deserialize32(void *arg, FILE *f, off_t offset) {
rbtdb->common.mctx,
delete_callback, rbtdb,
rbt_datafixer, rbtdb,
NULL, &temporary_rbt);
if (temporary_rbt != NULL) {
dns_rbt_destroy(&rbtdb->nsec3);
rbtdb->nsec3 = temporary_rbt;
temporary_rbt = NULL;
}
NULL, &nsec3);
if (result != ISC_R_SUCCESS)
return (result);
goto cleanup;
}
/*
* We have a successfully loaded all the rbt trees now update
* rbtdb to use them.
*/
rbtdb->mmap_location = base;
rbtdb->mmap_size = (size_t) filesize;
if (tree != NULL) {
dns_rbt_destroy(&rbtdb->tree);
rbtdb->tree = tree;
rbtdb->origin_node = origin_node;
}
if (nsec != NULL) {
dns_rbt_destroy(&rbtdb->nsec);
rbtdb->nsec = nsec;
}
if (nsec3 != NULL) {
dns_rbt_destroy(&rbtdb->nsec3);
rbtdb->nsec3 = nsec3;
}
return (ISC_R_SUCCESS);
cleanup:
if (tree != NULL)
dns_rbt_destroy(&tree);
if (nsec != NULL)
dns_rbt_destroy(&nsec);
if (nsec3 != NULL)
dns_rbt_destroy(&nsec3);
isc_file_munmap(base, (size_t) filesize);
return (result);
}
static isc_result_t