[9.18] fix: dev: Validating ADB fetches could cause a crash in import_rdataset()

Previously, in some cases, the resolver could return rdatasets of type CNAME or DNAME without the result code being set to `DNS_R_CNAME` or `DNS_R_DNAME`. This could trigger an assertion failure in the ADB. The resolver error has been fixed. Closes #5201 Backport of MR !10172 Backport of MR !10178 Merge branch 'backport-5201-adb-cname-error-9.18' into 'bind-9.18' See merge request isc-projects/bind9!10330
2026-05-28 04:34:54 -04:00 · 2025-03-26 12:09:19 +00:00 · 2025-03-26 12:09:19 +00:00 · f24bacb190
commit f24bacb190
parent 4c8e1b8256 04d18f31ce
1 changed files with 51 additions and 18 deletions
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -6146,11 +6146,24 @@ answer_response:
 		 * Negative results must be indicated in event->result.
 		 */
 		INSIST(hevent->rdataset != NULL);
-		if (dns_rdataset_isassociated(hevent->rdataset) &&
-		    NEGATIVE(hevent->rdataset))
-		{
-			INSIST(eresult == DNS_R_NCACHENXDOMAIN ||
-			       eresult == DNS_R_NCACHENXRRSET);
+		if (dns_rdataset_isassociated(hevent->rdataset)) {
+			if (NEGATIVE(hevent->rdataset)) {
+				INSIST(eresult == DNS_R_NCACHENXDOMAIN ||
+				       eresult == DNS_R_NCACHENXRRSET);
+			} else if (eresult == ISC_R_SUCCESS &&
+				   hevent->rdataset->type != fctx->type)
+			{
+				switch (hevent->rdataset->type) {
+				case dns_rdatatype_cname:
+					eresult = DNS_R_CNAME;
+					break;
+				case dns_rdatatype_dname:
+					eresult = DNS_R_DNAME;
+					break;
+				default:
+					break;
+				}
+			}
 		}

 		hevent->result = eresult;
@ -6799,11 +6812,25 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
 			 * Negative results must be indicated in
 			 * event->result.
 			 */
-			if (dns_rdataset_isassociated(event->rdataset) &&
-			    NEGATIVE(event->rdataset))
-			{
-				INSIST(eresult == DNS_R_NCACHENXDOMAIN ||
-				       eresult == DNS_R_NCACHENXRRSET);
+			if (dns_rdataset_isassociated(event->rdataset)) {
+				if (NEGATIVE(event->rdataset)) {
+					INSIST(eresult ==
+						       DNS_R_NCACHENXDOMAIN ||
+					       eresult == DNS_R_NCACHENXRRSET);
+				} else if (eresult == ISC_R_SUCCESS &&
+					   event->rdataset->type != fctx->type)
+				{
+					switch (event->rdataset->type) {
+					case dns_rdatatype_cname:
+						eresult = DNS_R_CNAME;
+						break;
+					case dns_rdatatype_dname:
+						eresult = DNS_R_DNAME;
+						break;
+					default:
+						break;
+					}
+				}
 			}
 			event->result = eresult;
 			if (adbp != NULL && *adbp != NULL) {
@ -6908,15 +6935,21 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
 			}
 		} else {
 			/*
-			 * Either we don't care about the nature of the
-			 * cache rdataset (because no fetch is
-			 * interested in the outcome), or the cache
-			 * rdataset is not a negative cache entry.
-			 * Whichever case it is, we can return success.
-			 *
-			 * XXXRTH  There's a CNAME/DNAME problem here.
+			 * The attempt to add a negative cache entry
+			 * was rejected.  Set *eresultp to reflect
+			 * the type of the dataset being returned.
 			 */
-			*eresultp = ISC_R_SUCCESS;
+			switch (ardataset->type) {
+			case dns_rdatatype_cname:
+				*eresultp = DNS_R_CNAME;
+				break;
+			case dns_rdatatype_dname:
+				*eresultp = DNS_R_DNAME;
+				break;
+			default:
+				*eresultp = ISC_R_SUCCESS;
+				break;
+			}
 		}
 		result = ISC_R_SUCCESS;
 	}