git.ipfire.org Git - thirdparty/bind9.git/commit

author	Petr Špaček <pspacek@isc.org>
	Thu, 13 Oct 2022 11:08:22 +0000 (13:08 +0200)
committer	Petr Špaček <pspacek@isc.org>
	Thu, 13 Oct 2022 11:08:28 +0000 (13:08 +0200)
commit	8a3aa8bda41946f1adf46201aa0be9555f4f2529
tree	8f024cacb6b668d7da80c28d42d7eda2ab44211f	tree \| snapshot
parent	dbc1166704ebef45304062be269f9fb3201bdc45	commit \| diff

Fix latent bug in RBT node attributes handling

Originally RBT node stored three lowest bits from dns_name_t attributes.
This had a curious side-effect noticed by Tony Finch:

If you create an rbt node from a DYNAMIC name then the flag will be
propagated through dns_rbt_namefromnode() ... if you subsequently call
dns_name_free() it will try to isc_mem_put() a piece of an rbt node ...
but dns_name_free() REQUIRE()s that the name is dynamic so in the usual
case where rbt nodes are created from non-dynamic names, this kind of
code will fail an assertion.

This is a bug it dates back to june 1999 when NAMEATTR_DYNAMIC was
invented.

Apparently it does not happen often :-)
I'm planning to get rid of DNS_NAMEATTR_ definitions and bit operations,
so removal of this "three-bit-subset" assignment is a first step.

We can keep only the ABSOLUTE flag in RBT node and nothing else because
names attached to rbt nodes are always readonly: The internal node_name()
function always sets the NAMEATTR_READONLY when making a dns_name that
refers to the node's name, so the READONLY flag will be set in the name
returned by dns_rbt_namefromnode().

Co-authored-by: Tony Finch <fanf@isc.org>

lib/dns/include/dns/rbt.h		diff \| blob \| blame \| history
lib/dns/rbt.c		diff \| blob \| blame \| history