From: Ondřej Surý
Date: Wed, 29 Apr 2026 18:20:04 +0000 (+0200)
Subject: Guard parent-NS walk against running off the root
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=141e8110f73e45d2776bbd376c8066086fc25cdc;p=thirdparty%2Fbind9.git

Guard parent-NS walk against running off the root

Once the walk reaches the root, splitting one more label off would trip an internal assertion and abort named. Stop cleanly with ISC_R_NOTFOUND so the dispatcher cancels the fetch. Only reachable through misconfiguration (root configured as a primary with parental agents, or a parent zone that NODATAs its own NS).

Assisted-by: Claude:claude-opus-4-7
---
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index e5254dd7103..d6a86dacc40 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -17653,15 +17653,18 @@ checkds_send(dns_zone_t *zone) {
 static isc_result_t
 nsfetch_start(dns_zonefetch_t *fetch) {
 dns_nsfetch_t *nsfetch;
- unsigned int nlabels = 1;
 
 REQUIRE(fetch->fetchtype == ZONEFETCHTYPE_NS);
 
 nsfetch = &fetch->fetchdata.nsfetch;
 
- /* Derive parent domain. XXXWMM: Check for root domain */
+ /* Derive parent domain. Check for root domain. */
+ if (dns_name_countlabels(&nsfetch->pname) <= 1U) {
+ return ISC_R_NOTFOUND;
+ }
+
 dns_name_split(&nsfetch->pname,
- dns_name_countlabels(&nsfetch->pname) - nlabels, NULL,
+ dns_name_countlabels(&nsfetch->pname) - 1U, NULL,
 &nsfetch->pname);
 
 fetch->qtype = dns_rdatatype_ns;
diff --git a/lib/dns/zonefetch.c b/lib/dns/zonefetch.c
index ff28bff566e..475ee19ffcc 100644
--- a/lib/dns/zonefetch.c
+++ b/lib/dns/zonefetch.c
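Review bot: In nsfetch_start (lib/dns/zone.c) the new root guard says what it checks but not why, and it evaluates `dns_name_countlabels(&nsfetch->pname)` twice. I would hoist the count into a local, `unsigned int labels = dns_name_countlabels(&nsfetch->pname);`, test `labels <= 1U`, pass `labels - 1U` to dns_name_split(), and word the comment as `/* At the root there is no parent to derive; splitting off another label would trip an assertion, so give up here. */`. The `<= 1U` form also keeps a zero-label name from wrapping the unsigned subtraction, which is worth preserving if this is refactored later. Since the failure being fixed is an abort of the whole server reached through zone configuration, a regression test for the root-as-primary-with-parental-agents case would help; none is visible in this patch. The function body continues past the end of the hunk.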
@@ -75,12 +75,20 @@ cancel:
 return;
 } else if (result != ISC_R_SHUTTINGDOWN) {
 char namebuf[DNS_NAME_FORMATSIZE];
- char typebuf[DNS_RDATATYPE_FORMATSIZE];
- dns_name_format(fetch->qname, namebuf, sizeof(namebuf));
- dns_rdatatype_format(fetch->qtype, typebuf, sizeof(typebuf));
- dns_zone_log(zone, ISC_LOG_WARNING,
- "Failed fetch for %s/%s request", namebuf,
- typebuf);
+
+ if (DNS_NAME_VALID(fetch->qname)) {
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+ dns_name_format(fetch->qname, namebuf, sizeof(namebuf));
+ dns_rdatatype_format(fetch->qtype, typebuf,
+ sizeof(typebuf));
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "Failed fetch for %s/%s request", namebuf,
+ typebuf);
+ } else {
+ dns_zone_nameonly(zone, namebuf, sizeof(namebuf));
+ dns_zone_log(zone, ISC_LOG_WARNING,
+ "Failed fetch for zone %s", namebuf);
+ }
 }
 
 /*
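Review bot: The new fallback branch logs `"Failed fetch for zone %s"` without the failure reason, so an operator who hits the misconfiguration described in the commit message sees only a generic warning. `result` is in scope at this point; consider `"Failed fetch for zone %s: %s", namebuf, isc_result_totext(result)`, with the same suffix on the qname branch. The branch also relies on `fetch->qname` failing the validity check whenever the start step returns early, which looks like an assumption about how the fetch structure is initialised outside this hunk; a comment such as `/* qname is not set if the fetch failed before the query was built */` would make that explicit. The enclosing if/else chain begins before the hunk.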