From: Aram Sargsyan Date: Mon, 4 May 2026 22:34:01 +0000 (+0000) Subject: Fix a bug in catz_process_apl() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4cab10461b3ff6fb03303c42964b7959731cd79;p=thirdparty%2Fbind9.git Fix a bug in catz_process_apl() The allow-transfer/allow-query catalog zone custom properties support only APL RRtypes. All other types are correctly rejected by the catz_process_apl() function. However, when an APL RRtype is processed by that function, and another (non-APL) RRtype is then attempted to be processed, there is an assertion failure happening in the prologue of the function because `*aclbp != NULL` (i.e. an APL has been already processed). Move the code to do type checking before the affected REQUIRE assertion. (cherry picked from commit 67e0090371b4bd4c8933b8644f68a3dbc592a214) --- diff --git a/lib/dns/catz.c b/lib/dns/catz.c index 37e940b2e95..4187e53252f 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c @@ -1569,6 +1569,17 @@ catz_process_primaries(dns_catz_zone_t *catz, dns_ipkeylist_t *ipkl, static isc_result_t catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp, dns_rdataset_t *value) { + REQUIRE(DNS_RDATASET_VALID(value)); + REQUIRE(dns_rdataset_isassociated(value)); + + if (value->type != dns_rdatatype_apl) { + return ISC_R_FAILURE; + } + + REQUIRE(DNS_CATZ_ZONE_VALID(catz)); + REQUIRE(aclbp != NULL); + REQUIRE(*aclbp == NULL); + isc_result_t result = ISC_R_SUCCESS; dns_rdata_t rdata; dns_rdata_in_apl_t rdata_apl; @@ -1577,16 +1588,6 @@ catz_process_apl(dns_catz_zone_t *catz, isc_buffer_t **aclbp, isc_buffer_t *aclb = NULL; unsigned char buf[256]; /* larger than INET6_ADDRSTRLEN */ - REQUIRE(DNS_CATZ_ZONE_VALID(catz)); - REQUIRE(aclbp != NULL); - REQUIRE(*aclbp == NULL); - REQUIRE(DNS_RDATASET_VALID(value)); - REQUIRE(dns_rdataset_isassociated(value)); - - if (value->type != dns_rdatatype_apl) { - return ISC_R_FAILURE; - } - if (dns_rdataset_count(value) > 1) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,