From: Mark Andrews Date: Wed, 19 May 2010 06:41:05 +0000 (+0000) Subject: 2900. [bug] The placeholder negative caching element was not X-Git-Tag: v9.7.1b1^3~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=756f9eb63a2a54766422f1415e538535840dd610;p=thirdparty%2Fbind9.git 2900. [bug] The placeholder negative caching element was not properly constructed triggering a INSIST in dns_ncache_towire(). [RT #21346] --- diff --git a/CHANGES b/CHANGES index 7ee5e41fa76..12c68b3a719 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ --- 9.7.1b1 released --- +2900. [bug] The placeholder negative caching element was not + properly constructed triggering a INSIST in + dns_ncache_towire(). [RT #21346] + 2899. [port] win32: Support linking against OpenSSL 1.0.0. 2898. [bug] nslookup leaked memory when -domain=value was diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl index 25932f6bc02..9f5eb82aa72 100644 --- a/bin/tests/system/resolver/ans2/ans.pl +++ b/bin/tests/system/resolver/ans2/ans.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.13 2009/11/04 02:15:30 marka Exp $ +# $Id: ans.pl,v 1.13.24.1 2010/05/19 06:41:05 marka Exp $ # # Ad hoc name server @@ -84,6 +84,11 @@ for (;;) { # delegation to avoid automatic acceptance for subdomain aliases $packet->push("authority", new Net::DNS::RR("example.net 300 NS ns.example.net")); $packet->push("additional", new Net::DNS::RR("ns.example.net 300 A 10.53.0.3")); + } elsif ($qname =~ /^nodata\.example\.net$/i) { + $packet->header->aa(1); + } elsif ($qname =~ /^nxdomain\.example\.net$/i) { + $packet->header->aa(1); + $packet->header->rcode(NXDOMAIN); } elsif ($qname =~ /sub\.example\.org/) { # Data for CNAME/DNAME filtering. The final answers are # expected to be accepted regardless of the filter setting. diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 98c3fc63e6d..6764c3ea1e5 100644 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -15,13 +15,27 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.11 2009/05/29 23:47:49 tbox Exp $ +# $Id: tests.sh,v 1.11.142.1 2010/05/19 06:41:04 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 +echo "I:checking non-cachable NXDOMAIN response handling" +ret=0 +$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NXDOMAIN" dig.out > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking non-cachable NODATA response handling" +ret=0 +$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NOERROR" dig.out > /dev/null || ret=1 + +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` echo "I:checking handling of bogus referrals" # If the server has the "INSIST(!external)" bug, this query will kill it. $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 @@ -105,5 +119,6 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index f87ff1b454e..228a88df74b 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.43.268.5 2010/05/18 06:29:32 marka Exp $ */ +/* $Id: ncache.c,v 1.43.268.6 2010/05/19 06:41:04 marka Exp $ */ /*! \file */ @@ -248,10 +248,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, * Copy the type and a zero rdata count to the buffer. */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 4) + if (r.length < 5) return (ISC_R_NOSPACE); - isc_buffer_putuint16(&buffer, 0); - isc_buffer_putuint16(&buffer, 0); + isc_buffer_putuint16(&buffer, 0); /* type */ /* * RFC2308, section 5, says that negative answers without * SOAs should not be cached. @@ -269,6 +268,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, trust = dns_trust_authauthority; } else trust = dns_trust_additional; + isc_buffer_putuint8(&buffer, trust); /* trust */ + isc_buffer_putuint16(&buffer, 0); /* count */ + /* * Now add it to the cache. */