Fix a bug in catz_process_apl() 11975/head
authorAram Sargsyan <aram@isc.org>
Mon, 4 May 2026 22:34:01 +0000 (22:34 +0000)
committerArаm Sаrgsyаn (GitLab job 7323974) <aram@isc.org>
Wed, 6 May 2026 19:37:12 +0000 (19:37 +0000)
The allow-transfer/allow-query catalog zone custom properties support
only APL RRtypes. All other types are correctly rejected by the
catz_process_apl() function. However, when that function has processed
an APL RRtype and is then asked to process another (non-APL) RRtype,
an assertion fails in the prologue of the function because
`*aclbp != NULL` (i.e. an APL has already been processed). Move the
type-checking code before the affected REQUIRE assertion.

(cherry picked from commit 67e0090371b4bd4c8933b8644f68a3dbc592a214)

lib/dns/catz.c

index 37e940b2e958b755f86838ad815e76b9f8515cac..4187e53252f540dfb20ff6d00bdb9d93a82d0d11 100644 (file)
@@ -1569,6 +1569,17 @@ catz_process_primaries(dns_catz_zone_t *catz, dns_ipkeylist_t *ipkl,
 static isc_result_t
 catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp,
                 dns_rdataset_t *value) {
+       REQUIRE(DNS_RDATASET_VALID(value));
+       REQUIRE(dns_rdataset_isassociated(value));
+
+       if (value->type != dns_rdatatype_apl) {
+               return ISC_R_FAILURE;
+       }
+
+       REQUIRE(DNS_CATZ_ZONE_VALID(catz));
+       REQUIRE(aclbp != NULL);
+       REQUIRE(*aclbp == NULL);
+
        isc_result_t result = ISC_R_SUCCESS;
        dns_rdata_t rdata;
        dns_rdata_in_apl_t rdata_apl;
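Review bot: Nothing in the new prologue records that the `value->type` check has to run before `REQUIRE(*aclbp == NULL)`, so a later cleanup that regroups the assertions at the top of catz_process_apl() could bring the abort back; a comment above the `if`, such as `/* Check the type first: *aclbp may already hold an earlier APL. */`, would pin the ordering. The remaining `REQUIRE(*aclbp == NULL)` is still a precondition that depends on what earlier records left behind: if the caller can ever pass a second APL rdataset for the same property (the caller is not visible in this hunk), the process would still abort on catalog zone content, so it is worth confirming that cannot happen or returning an error there instead of asserting. The early return also skips `REQUIRE(DNS_CATZ_ZONE_VALID(catz))` and `REQUIRE(aclbp != NULL)` for non-APL input; keeping those two above the type check and moving only the `*aclbp == NULL` assertion below it would preserve the caller-contract checks on every path. The function body continues past the end of this hunk.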
@@ -1577,16 +1588,6 @@ catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp,
        isc_buffer_t *aclb = NULL;
        unsigned char buf[256]; /* larger than INET6_ADDRSTRLEN */
 
-       REQUIRE(DNS_CATZ_ZONE_VALID(catz));
-       REQUIRE(aclbp != NULL);
-       REQUIRE(*aclbp == NULL);
-       REQUIRE(DNS_RDATASET_VALID(value));
-       REQUIRE(dns_rdataset_isassociated(value));
-
-       if (value->type != dns_rdatatype_apl) {
-               return ISC_R_FAILURE;
-       }
-
        if (dns_rdataset_count(value) > 1) {
                isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
                              DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,