Disallow TYPE0 to be queried or inserted into the database
authorOndřej Surý <ondrej@isc.org>
Thu, 7 Aug 2025 06:08:24 +0000 (08:08 +0200)
committerOndřej Surý <ondrej@isc.org>
Fri, 15 Aug 2025 05:22:52 +0000 (07:22 +0200)
The RR type 0 is a reserved type for the SIG[1] resource record.  It should
never be inserted into the database or queried.  Add special
handling to bail out quickly with DNS_R_DISALLOWED when inserting and
ISC_R_NOTFOUND when looking up TYPE0.  This is also a prerequisite for
stricter checks in the follow-up commit.

1. https://www.rfc-editor.org/rfc/rfc2535#section-4.1.8.1

lib/dns/qpcache.c
lib/dns/qpzone.c
lib/dns/rdataslab.c
tests/dns/dbversion_test.c

index 0f10245aa4c9b9dc7d749334eb9fe67a7112bf62..c6ebb0a575da2e6f081014bd8a6b63a70e3a6ce0 100644 (file)
@@ -2066,7 +2066,7 @@ qpcache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
        dns_slabheader_t *header_prev = NULL, *header_next = NULL;
        dns_slabheader_t *found = NULL, *foundsig = NULL;
        dns_typepair_t typepair, sigpair, negpair;
-       isc_result_t result;
+       isc_result_t result = ISC_R_SUCCESS;
        isc_rwlock_t *nlock = NULL;
        isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
        qpc_search_t search = (qpc_search_t){
@@ -2078,7 +2078,9 @@ qpcache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
        REQUIRE(version == NULL);
        REQUIRE(type != dns_rdatatype_any);
 
-       result = ISC_R_SUCCESS;
+       if (type == dns_rdatatype_none && covers == dns_rdatatype_none) {
+               return ISC_R_NOTFOUND;
+       }
 
        nlock = &qpdb->buckets[qpnode->locknum].lock;
        NODE_RDLOCK(nlock, &nlocktype);
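Review bot: The new early return in qpcache_findrdataset carries no comment explaining why `covers` must also be `dns_rdatatype_none`, and the identical guard is repeated in qpzone_findrdataset in the next file. From the condition alone a reader cannot tell that only a bare TYPE0 lookup is refused while type 0 with a non-zero `covers` still goes through the normal search (presumably the negative-cache representation; confirm). I would add above the `if` in both places: `/* TYPE0 is reserved (RFC 2535 4.1.8.1) and is never stored; only the bare type is refused, covers != 0 is left to the normal lookup. */`. Returning a result here rather than adding another REQUIRE is the safer shape if `type` can originate from a received query, and the return sits before NODE_RDLOCK so no lock is held on this path. The function body starts and ends outside the hunk.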
index 8253d21dde5d6b3a6181526255451212700031ca..59f80a511316d1a776e855de032b8c5d835aba9e 100644 (file)
@@ -1631,6 +1631,10 @@ qpzone_findrdataset(dns_db_t *db, dns_dbnode_t *dbnode,
        REQUIRE(type != dns_rdatatype_any);
        INSIST(version == NULL || version->qpdb == qpdb);
 
+       if (type == dns_rdatatype_none && covers == dns_rdatatype_none) {
+               return ISC_R_NOTFOUND;
+       }
+
        if (version == NULL) {
                currentversion(db, (dns_dbversion_t **)&version);
                close_version = true;
index 9f862422b937f66843ded3c5f027125dbedec2ba..c12c2904c4614e19f337cfaba0792a30b9f208f4 100644 (file)
@@ -341,6 +341,12 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
                           isc_region_t *region, uint32_t maxrrperset) {
        isc_result_t result;
 
+       if (rdataset->type == dns_rdatatype_none &&
+           rdataset->covers == dns_rdatatype_none)
+       {
+               return DNS_R_DISALLOWED;
+       }
+
        result = makeslab(rdataset, mctx, region, maxrrperset);
        if (result == ISC_R_SUCCESS) {
                dns_slabheader_t *new = (dns_slabheader_t *)region->base;
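Review bot: The TYPE0 rejection is placed in dns_rdataslab_fromrdataset rather than in makeslab(), so any other caller of makeslab() (none is visible in this hunk; verify in rdataslab.c) would still build a slab for a bare TYPE0 rdataset. If the invariant is that such a slab can never exist, the check belongs at the top of makeslab(), or every entry point needs the same guard. DNS_R_DISALLOWED is also a new result for this function, so its header documentation should list it and callers that handle only specific failure codes should be checked. The test changes shown on this page only switch the existing fixtures to TXT; I see no assertion that a TYPE0 rdataset is refused with DNS_R_DISALLOWED or that a TYPE0 lookup yields ISC_R_NOTFOUND. The function body continues outside the hunk.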
index 4b011d1258003cfa349505d2cc3e6295d8452d7e..1a50335930ff64642ef110f94c33d3bc893a69a8 100644 (file)
@@ -277,15 +277,25 @@ ISC_RUN_TEST_IMPL(deleterdataset) {
 ISC_RUN_TEST_IMPL(subtract) {
        isc_result_t res;
        dns_rdataset_t rdataset;
+       dns_rdata_t rdata = DNS_RDATA_INIT;
        dns_rdatalist_t rdatalist;
        dns_dbnode_t *node = NULL;
+       char *txt = (char *)"\006text 1";
+       size_t len = strlen(txt);
 
-       UNUSED(state);
+       rdata.rdclass = dns_rdataclass_in;
+       rdata.type = dns_rdatatype_txt;
+
+       rdata.length = len;
+       rdata.data = (unsigned char *)txt;
 
        dns_rdataset_init(&rdataset);
        dns_rdatalist_init(&rdatalist);
 
        rdatalist.rdclass = dns_rdataclass_in;
+       rdatalist.type = dns_rdatatype_txt;
+
+       ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
 
        dns_rdatalist_tordataset(&rdatalist, &rdataset);
 
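Review bot: `char *txt = (char *)"\006text 1";` casts away the const of a string literal only so it can be cast again to `unsigned char *` for `rdata.data`, and the length is then computed at run time with strlen(). Declaring `unsigned char txt[] = "\006text 1";` and setting `rdata.length = sizeof(txt) - 1;` removes both casts and keeps the length tied to the literal. The same fixture setup is repeated line for line in addrdataset in the next hunk; a small static helper that fills in the rdata and rdatalist would keep the two tests in step. The test body continues outside the hunk.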
@@ -316,15 +326,25 @@ ISC_RUN_TEST_IMPL(subtract) {
 ISC_RUN_TEST_IMPL(addrdataset) {
        isc_result_t res;
        dns_rdataset_t rdataset;
+       dns_rdata_t rdata = DNS_RDATA_INIT;
        dns_dbnode_t *node = NULL;
        dns_rdatalist_t rdatalist;
+       char *txt = (char *)"\006text 1";
+       size_t len = strlen(txt);
 
-       UNUSED(state);
+       rdata.rdclass = dns_rdataclass_in;
+       rdata.type = dns_rdatatype_txt;
+
+       rdata.length = len;
+       rdata.data = (unsigned char *)txt;
 
        dns_rdataset_init(&rdataset);
        dns_rdatalist_init(&rdatalist);
 
        rdatalist.rdclass = dns_rdataclass_in;
+       rdatalist.type = dns_rdatatype_txt;
+
+       ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
 
        dns_rdatalist_tordataset(&rdatalist, &rdataset);