From: Evan Hunt <each@isc.org>
Date: Mon, 28 Apr 2014 19:18:53 +0000 (-0700)
Subject: [v9_10_0_release] SIT/max-cache-size flag collision
X-Git-Tag: v9.10.0^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63fbb3ea39094353765c04a6066b9e1d1013992a;p=thirdparty%2Fbind9.git

[v9_10_0_release] SIT/max-cache-size flag collision

3824.	[bug]		A collision between two flag values could cause
			problems with cache cleaning when SIT was enabled.
			[RT #35858]

(cherry picked from commit e01fbe2a45f9641968264a3bdf76d290e20521d7)
---

diff --git a/CHANGES b/CHANGES
index 74e3ff30337..cbb32d797a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 	--- 9.10.0 released ---
 
+3824.	[bug]		A collision between two flag values could cause
+			problems with cache cleaning when SIT was enabled.
+			[RT #35858]
+
 	--- 9.10.0rc2 released ---
 
 3817.	[func]		The "delve" command is now spelled "delv" to avoid
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index f65e744efd7..a3ce67f049d 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -357,7 +357,7 @@ static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t);
  * Private flag(s) for entries.
  * MUST NOT overlap FCTX_ADDRINFO_xxx and DNS_FETCHOPT_NOEDNS0.
  */
-#define ENTRY_IS_DEAD		0x80000000
+#define ENTRY_IS_DEAD		0x00400000
 
 /*
  * To the name, address classes are all that really exist.  If it has a
@@ -4041,6 +4041,9 @@ dns_adb_changeflags(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
 	REQUIRE(DNS_ADB_VALID(adb));
 	REQUIRE(DNS_ADBADDRINFO_VALID(addr));
 
+	REQUIRE((bits & ENTRY_IS_DEAD) == 0);
+	REQUIRE((mask & ENTRY_IS_DEAD) == 0);
+
 	bucket = addr->entry->lock_bucket;
 	LOCK(&adb->entrylocks[bucket]);
 
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 33b4f9e27df..c1afa26fa98 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -99,6 +99,7 @@ typedef struct dns_fetchevent {
 #define DNS_FETCHOPT_PREFETCH		0x100         /*%< Request NSID */
 #define DNS_FETCHOPT_NOCDFLAG		0x200	     /*%< Don't set CD flag. */
 
+/* Reserved in use by adb.c		0x00400000 */
 #define	DNS_FETCHOPT_EDNSVERSIONSET	0x00800000
 #define	DNS_FETCHOPT_EDNSVERSIONMASK	0xff000000
 #define	DNS_FETCHOPT_EDNSVERSIONSHIFT	24