Clear dns64_aaaaok immediately after use 11968/head
authorEvan Hunt <each@isc.org>
Mon, 4 May 2026 05:00:39 +0000 (22:00 -0700)
committerOndřej Surý <ondrej@sury.org>
Wed, 6 May 2026 05:45:34 +0000 (07:45 +0200)
The DNS64 state information stored in client->query.dns64_aaaaok
could cause an assertion failure in query_respond() if the server
was configured in such a way as to trigger a new recursion before
the query had been reset - for example, by using the filter-aaaa
plugin, which may need to recurse to find out whether an A record
exists.

This has been addressed by clearing DNS64 state information
immediately after the call to query_filter64().

(cherry picked from commit 7213b038f0beb2f4750b858113af1f9e18ae0520)

bin/tests/system/filter_aaaa/ns5/named.conf.in
lib/ns/query.c

index 36380cd3215b9cb3d7ccd132a0dc9bf387f22b77..37cb8d3fbbea494c5b986a309f7a58d338a31fae 100644 (file)
@@ -23,9 +23,9 @@ options {
        dnssec-validation no;
        notify yes;
        dns64 64:ff9b::/96 {
-                           clients { any; };
-                           exclude { any; };
-                           mapped { any; };
+               clients { any; };
+               exclude { ::1/128; };
+               mapped { any; };
        };
        minimal-responses no;
 };
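Review bot: The new `exclude { ::1/128; };` line has no comment explaining why the test server no longer excludes `any`, so a later cleanup could revert it and silently drop coverage of the dns64_aaaaok path this commit fixes. If the narrower exclude is what makes named reach the query_filter64() branch together with filter-aaaa (presumably, given the commit message), say so above the block, e.g. `/* exclude only ::1 so some AAAA records survive and query_filter64() runs with filter-aaaa */`. No test script appears in the file list, so it is worth confirming that an existing check in this system test queries ns5 in the way that hit the assertion.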
index 91f2292db8d0cc9756739fcf75216a6d5f84b37b..86485b7875614337708d973311f602d6e88b579f 100644 (file)
@@ -716,7 +716,6 @@ query_reset(ns_client_t *client, bool everything) {
        if (client->query.dns64_aaaaok != NULL) {
                isc_mem_put(client->mctx, client->query.dns64_aaaaok,
                            client->query.dns64_aaaaoklen * sizeof(bool));
-               client->query.dns64_aaaaok = NULL;
                client->query.dns64_aaaaoklen = 0;
        }
 
@@ -8331,6 +8330,10 @@ query_addanswer(query_ctx_t *qctx) {
        } else if (qctx->client->query.dns64_aaaaok != NULL) {
                query_filter64(qctx);
                ns_client_putrdataset(qctx->client, &qctx->rdataset);
+               isc_mem_put(qctx->client->mctx,
+                           qctx->client->query.dns64_aaaaok,
+                           qctx->client->query.dns64_aaaaoklen * sizeof(bool));
+               qctx->client->query.dns64_aaaaoklen = 0;
        } else {
                if (!qctx->is_zone && RECURSIONOK(qctx->client) &&
                    !QUERY_STALETIMEOUT(&qctx->client->query))
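Review bot: The free added after `query_filter64()` duplicates the block in query_reset() and apparently relies on isc_mem_put() to reset `dns64_aaaaok` to NULL, which is no longer visible at either site now that the query_reset() hunk drops the explicit assignment. A stale pointer in this field is what the commit message ties to the assertion failure in query_respond(), so the pointer and `dns64_aaaaoklen` should be cleared in one place. A small static helper called from both sites would do that and give one spot to document the NULL-reset assumption. The helper name below is only a suggestion. query_addanswer() begins and ends outside this hunk, so whether other paths can leave the array allocated cannot be judged from here.

```c
/*
 * Release the DNS64 "AAAA ok" array and reset its length so that a
 * recursion started before query_reset() cannot see stale state.
 */
static void
query_cleardns64(ns_client_t *client) {
	if (client->query.dns64_aaaaok != NULL) {
		/* isc_mem_put() is expected to reset the pointer to NULL. */
		isc_mem_put(client->mctx, client->query.dns64_aaaaok,
			    client->query.dns64_aaaaoklen * sizeof(bool));
		client->query.dns64_aaaaoklen = 0;
	}
}

/* … unchanged: earlier branches of query_addanswer() … */
	} else if (qctx->client->query.dns64_aaaaok != NULL) {
		query_filter64(qctx);
		ns_client_putrdataset(qctx->client, &qctx->rdataset);
		query_cleardns64(qctx->client);
```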