While isc_buffer_copyregion() calls isc_buffer_reserve() to ensure the
target buffer will have enough available space to append the contents of
the source region to it, the variables used for subsequently checking
available space are not updated accordingly after that call. This
prevents isc_buffer_copyregion() from working as expected for
auto-reallocated buffers: ISC_R_NOSPACE will be returned if enough space
is not already available in the target buffer before it is reallocated.
Fix by calling isc_buffer_used() and isc_buffer_availablelength()
directly instead of assigning their return values to local variables.
(cherry picked from commit e1f0aed034)
Add some basic checks for isc_buffer_copyregion() to ensure it behaves
as expected for both fixed-size buffers and buffers which can be
automatically reallocated. Adjust the list of headers included by
lib/isc/tests/buffer_test.c so that it matches what that test program
really uses.
(cherry picked from commit 15440d8027)
Contrary to what the documentation states, the "server-addresses"
static-stub zone option does not accept custom port numbers. Fix the
configuration type used by the "server-addresses" option to ensure
documentation matches source code. Remove a check_zoneconf() test which
is unnecessary with this fix in place.
(cherry picked from commit b324576858)
The race condition is the timer elapses before isc__timer_create()
returns the pointer to the caller. Assigning the return pointer before
enabling the timer will fix it.
(cherry picked from commit 21966423cd)
Zone loading happens in a different task (zone->loadtask) than other
zone actions (zone->task). Thus, when zone_postload() is called in the
context of zone->loadtask, it may cause zone maintenance to be queued in
zone->task and another thread can then execute zone_maintenance() before
zone_postload() gets a chance to finish its work in the first thread.
This would not be a problem if zone_maintenance() accounted for this
possibility by locking the zone before checking the state of its
DNS_ZONEFLG_LOADPENDING flag. However, the zone is currently not locked
before the state of that flag is checked, which may prevent zone
maintenance from happening despite zone_postload() scheduling it. Fix
by locking the zone in zone_maintenance() before checking the state of
the zone's DNS_ZONEFLG_LOADPENDING flag.
(cherry picked from commit 56003e9f9f)
While "rndc reload" causes dns_zone_asyncload() to be called for the
signed version of an inline-signed zone, the subsequent zone_load() call
causes the raw version to be reloaded from storage. This means that
DNS_ZONEFLG_LOADPENDING gets set for the signed version of the zone by
dns_zone_asyncload() before the reload is attempted, but zone_postload()
is only called for the raw version and thus DNS_ZONEFLG_LOADPENDING is
cleared for the raw version, but not for the signed version. This in
turn prevents zone maintenance from happening for the signed version of
the zone.
Until commit 749b3cacfc, this problem
remained dormant because DNS_ZONEFLG_LOADPENDING was previously
immediately, unconditionally cleared after zone loading was started
(whereas it should only be cleared when zone loading is finished or an
error occurs). This behavior caused other issues [1] and thus had to be
changed.
Fix reloading inline-signed zones by clearing DNS_ZONEFLG_LOADPENDING
for the signed version of the zone once the raw version reload
completes. Take care not to clear it prematurely during initial zone
load. Also make sure that DNS_ZONEFLG_LOADPENDING gets cleared when
zone_postload() encounters an error or returns early, to prevent other
scenarios from resulting in the same problem. Add comments aiming to
help explain code flow.
[1] see RT #47076
(cherry picked from commit 5431583971)
When an inline-signed zone is loaded, the master file for its signed
version is loaded and then a rollforward of the journal for the signed
version of the zone is performed. If DNS_JOURNALOPT_RESIGN is not set
during the latter phase, signatures loaded from the journal for the
signed version of the zone will not be scheduled for refresh. Fix the
conditional expression determining which flags should be used for the
dns_journal_rollforward() call so that DNS_JOURNALOPT_RESIGN is set when
zone_postload() is called for the signed version of an inline-signed
zone.
Extend bin/tests/system/stop.pl so that it can use "rndc halt" instead
of "rndc stop" as the former allows master file flushing upon shutdown
to be suppressed.
(cherry picked from commit 8db550c42f)
dst__openssl_toresult3() first calls toresult() and subsequently uses
ERR_get_error_line_data() in a loop. Given this, it is a mistake to use
ERR_get_error() in toresult() because it causes the retrieved error to
be removed from the OpenSSL error queue, thus preventing it from being
retrieved by the subsequent ERR_get_error_line_data() calls. Fix by
using ERR_peek_error() instead of ERR_get_error() in toresult().
(cherry picked from commit 36436268b5)
When two or more absolute, two-label names are added to a completely
empty RBT, an extra, empty node for the root name will be created due to
node splitting. check_tree() expects that, but the extra node will not
be created when just one name is added to a completely empty RBT. This
problem could be handled inside check_tree(), but that would introduce
unnecessary complexity into it since adding a single name will result in
a different node count for a completely empty RBT (node count will be 1)
and an RBT containing only an empty node for the root name, created due
to prior node splitting (node count will be 2). Thus, first explicitly
create a node for the root name to prevent rare check_tree() failures
caused by a single name being added in the first iteration of the
insert/remove loop.
(cherry picked from commit 13fe763798)
If "rndc signing -nsec3param ..." is ran for a zone which has not yet
been loaded or transferred (i.e. its "db" field is NULL), it will be
silently ignored by named despite rndc logging an "nsec3param request
queued" message, which is misleading. Prevent this by keeping a
per-zone queue of NSEC3PARAM change requests which arrive before a zone
is loaded or transferred and processing that queue once the raw version
of an inline-signed zone becomes available.
(cherry picked from commit cb40c5229a)
