From: Mark Andrews Date: Mon, 5 May 2014 00:12:12 +0000 (+1000) Subject: 3837. [security] A NULL pointer is passed to query_prefetch resulting X-Git-Tag: v9.10.0-P1~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42a2c4a9bc3ac941cdab887b55ab5f035ce28937;p=thirdparty%2Fbind9.git 3837. [security] A NULL pointer is passed to query_prefetch resulting a REQUIRE assertion failure when a fetch is actually initiated. [ RT #35899] Squashed commit of the following: commit 7f4e1f3917d743089c42cc52ec2c0eea598d2c00 Author: Mukund Sivaraman Date: Sun May 4 22:34:34 2014 +0530 Fix a comment commit 6a35a6a2346013fa8e3798b9b680d8a3031fcb03 Author: Mark Andrews Date: Sun May 4 23:34:25 2014 +1000 pass the correct name to query_prefetch (cherry picked from commit b36fc8294e1328912b940899d436c60986c92435) Conflicts: CHANGES --- diff --git a/CHANGES b/CHANGES index cbb32d797a7..ef854a3cc13 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +3837. [security] A NULL pointer is passed to query_prefetch resulting + a REQUIRE assertion failure when a fetch is actually + initiated. [ RT #35899] + --- 9.10.0 released --- 3824. [bug] A collision between two flag values could cause diff --git a/bin/named/query.c b/bin/named/query.c index 2fc7d334ecc..6ad61a4e3ad 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -7642,8 +7642,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) if (rpz_st != NULL) rdataset->ttl = ISC_MIN(rdataset->ttl, rpz_st->m.ttl); - if (!is_zone && RECURSIONOK(client)) - query_prefetch(client, fname, rdataset); + if (!is_zone && RECURSIONOK(client)) { + dns_name_t *name; + name = (fname != NULL) ? fname : tname; + query_prefetch(client, name, rdataset); + } query_addrrset(client, fname != NULL ? &fname : &tname, &rdataset, NULL, diff --git a/bin/tests/system/resolver/ns4/tld2.db b/bin/tests/system/resolver/ns4/tld2.db index 5a8663a721d..5231dbd7ea4 100644 --- a/bin/tests/system/resolver/ns4/tld2.db +++ b/bin/tests/system/resolver/ns4/tld2.db @@ -25,3 +25,6 @@ $TTL 300 @ NS ns.tld. ns A 10.53.0.4 fetch 10 TXT A short ttl +fetchall 10 TXT A short ttl +fetchall 10 A 1.2.3.4 +fetchall 10 AAAA ::1 diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index d96fae2994e..3757715f4cb 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -458,5 +458,21 @@ test ${ttl:-0} -eq ${ttl1:-1} || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo "I:check prefetch qtype * (${n})" +ret=0 +$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.1.${n} || ret=1 +ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}` +# sleep so we are in prefetch range +sleep ${ttl1:-0} +# trigger prefetch +$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.2.${n} || ret=1 +ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}` +sleep 1 +# check that the nameserver is still alive +$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.3.${n} || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h index c1afa26fa98..bea163686f4 100644 --- a/lib/dns/include/dns/resolver.h +++ b/lib/dns/include/dns/resolver.h @@ -95,8 +95,8 @@ typedef struct dns_fetchevent { #define DNS_FETCHOPT_NOVALIDATE 0x020 /*%< Disable validation. */ #define DNS_FETCHOPT_EDNS512 0x040 /*%< Advertise a 512 byte UDP buffer. */ -#define DNS_FETCHOPT_WANTNSID 0x080 /*%< Request NSID */ -#define DNS_FETCHOPT_PREFETCH 0x100 /*%< Request NSID */ +#define DNS_FETCHOPT_WANTNSID 0x080 /*%< Request NSID */ +#define DNS_FETCHOPT_PREFETCH 0x100 /*%< Do prefetch */ #define DNS_FETCHOPT_NOCDFLAG 0x200 /*%< Don't set CD flag. */ /* Reserved in use by adb.c 0x00400000 */