From: Ondřej Surý Date: Wed, 13 Oct 2021 10:06:23 +0000 (+0200) Subject: Revert "Merge branch '2308-catz-reload-when-missing-a-zone-v9_16' into 'v9_16'" X-Git-Tag: v9.16.22^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6b1e6ae967b9c585a1dbb30e7e9e1cde2fe1d60;p=thirdparty%2Fbind9.git Revert "Merge branch '2308-catz-reload-when-missing-a-zone-v9_16' into 'v9_16'" This reverts commit 9298caddf482cd37740ba06d8367e74d831a0363, reversing changes made to a6741da4af5d75479630c969a14ccd3839a07f01. --- diff --git a/CHANGES b/CHANGES index 7b96486637f..b2a2100df46 100644 --- a/CHANGES +++ b/CHANGES @@ -6,9 +6,6 @@ degrade resolver performance. (CVE-2021-25219) [GL #2899] -5727. [bug] Fix an assertion failure caused by missing member zones - during a reload of a catalog zone. [GL #2308] - 5724. [bug] Address a potential deadlock when checking zone content consistency. [GL #2908] diff --git a/bin/named/server.c b/bin/named/server.c index 860ccae8a1a..09b477454bb 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -3054,9 +3054,7 @@ configure_catz_zone(dns_view_t *view, const cfg_obj_t *config, name = dns_catz_entry_getname(entry); tresult = dns_view_findzone(pview, name, &dnszone); - if (tresult != ISC_R_SUCCESS) { - continue; - } + RUNTIME_CHECK(tresult == ISC_R_SUCCESS); dns_zone_setview(dnszone, view); dns_view_addzone(view, dnszone); diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index d441d017c7f..c149eb0200b 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh 
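Review bot: The restored `RUNTIME_CHECK(tresult == ISC_R_SUCCESS);` in the bin/named/server.c hunk makes `named` abort whenever `dns_view_findzone(pview, name, &dnszone)` misses, and that result depends on runtime state rather than on a programming invariant. The release note removed by this same commit names the trigger: reloading a catalog zone that references a missing or deleted member zone. The lib/dns/catz.c hunk at `@@ -480,34 +474,36 @@` is part of the same defect, because its new side no longer looks the member zone up in the view's zone table before treating an existing entry as unchanged. The commit message gives no reason for the revert, so if the abort has to stay for now I would record it at the call site, e.g. `/* Known issue GL #2308: aborts if a member zone was removed from pview before a reload */`. `configure_catz_zone` starts and ends outside the hunk.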
@@ -1556,129 +1556,5 @@ wait_for_soa @10.53.0.2 dom15.example. dig.out.test$n || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) -########################################################################## -echo_i "Testing recreation of a manually deleted zone after a reload" -n=$((n+1)) -echo_i "checking that dom16.example. is not served by primary ($n)" -ret=0 -wait_for_no_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "Adding a domain dom16.example. to primary ns1 via RNDC ($n)" -ret=0 -echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db -echo "@ IN NS invalid." >> ns1/dom16.example.db -echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db -rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "checking that dom16.example. is now served by primary ns1 ($n)" -ret=0 -wait_for_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -nextpart ns2/named.run >/dev/null - -n=$((n+1)) -echo_i "Adding domain dom16.example. to catalog1 zone with ns1 as primary ($n)" -ret=0 -$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 - server 10.53.0.1 ${PORT} - update add efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example. - update add masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 
3600 IN A 10.53.0.1 - send -END -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "waiting for secondary to sync up ($n)" -ret=0 -wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -nextpart ns2/named.run >/dev/null - -n=$((n+1)) -echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)" -ret=0 -wait_for_a @10.53.0.2 dom16.example. dig.out.test$n || ret=1 -grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -nextpart ns2/named.run >/dev/null - -echo_i "Deleting dom16.example. from secondary ns2 via RNDC ($n)" -ret=0 -rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "checking that dom16.example. is no longer served by secondary ($n)" -ret=0 -wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -nextpart ns2/named.run >/dev/null - -echo_i "Reloading secondary ns2 via RNDC ($n)" -ret=0 -rndccmd 10.53.0.2 reload >/dev/null 2>&1 || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "waiting for secondary to sync up ($n)" -ret=0 -wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)" -ret=0 -wait_for_a @10.53.0.2 dom16.example. 
dig.out.test$n || ret=1 -grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -nextpart ns2/named.run >/dev/null - -n=$((n+1)) -echo_i "Deleting domain dom16.example. from catalog1 ($n)" -ret=0 -$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 - server 10.53.0.1 ${PORT} - update delete efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example. - update delete masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN A 10.53.0.1 - send -END -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "waiting for secondary to sync up ($n)" -ret=0 -wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - -n=$((n+1)) -echo_i "checking that dom16.example. is no longer served by secondary ($n)" -ret=0 -wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1 -if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=$((status+ret)) - echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/doc/notes/notes-9.16.22.rst b/doc/notes/notes-9.16.22.rst index 529d8c0826a..ad6aac808dd 100644 --- a/doc/notes/notes-9.16.22.rst +++ b/doc/notes/notes-9.16.22.rst @@ -76,7 +76,3 @@ Bug Fixes - When new IP addresses were set up by the operating system during ``named`` startup, it could fail to listen for TCP connections on the newly added interfaces. :gl:`#2852` - -- Reloading a catalog zone which referenced a missing/deleted member - zone triggered a runtime check failure, causing ``named`` to exit - prematurely. This has been fixed. :gl:`#2308` diff --git a/lib/dns/catz.c b/lib/dns/catz.c index 7688fe56c96..41402dd3d18 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c 
@@ -86,11 +86,6 @@ catz_process_zones_entry(dns_catz_zone_t *zone, dns_rdataset_t *value, static isc_result_t catz_process_zones_suboption(dns_catz_zone_t *zone, dns_rdataset_t *value, dns_label_t *mhash, dns_name_t *name); -static void -catz_entry_add_or_mod(dns_catz_zone_t *target, isc_ht_t *ht, unsigned char *key, - size_t keysize, dns_catz_entry_t *nentry, - dns_catz_entry_t *oentry, const char *msg, - const char *zname, const char *czname); /*% * Collection of catalog zones for a view @@ -448,7 +443,6 @@ dns_catz_zones_merge(dns_catz_zone_t *target, dns_catz_zone_t *newzone) { { dns_catz_entry_t *nentry = NULL; dns_catz_entry_t *oentry = NULL; - dns_zone_t *zone = NULL; unsigned char *key = NULL; size_t keysize; delcur = false; 
@@ -480,34 +474,36 @@ dns_catz_zones_merge(dns_catz_zone_t *target, dns_catz_zone_t *newzone) { result = isc_ht_find(target->entries, key, (uint32_t)keysize, (void **)&oentry); if (result != ISC_R_SUCCESS) { - catz_entry_add_or_mod(target, toadd, key, keysize, - nentry, NULL, "adding", zname, - czname); - continue; - } - - result = dns_zt_find(target->catzs->view->zonetable, - dns_catz_entry_getname(nentry), 0, NULL, - &zone); - if (result != ISC_R_SUCCESS) { - isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_MASTER, ISC_LOG_DEBUG(3), - "catz: zone '%s' was expected to exist " - "but can not be found, will be restored", - zname); - catz_entry_add_or_mod(target, toadd, key, keysize, - nentry, oentry, "adding", zname, - czname); + result = isc_ht_add(toadd, key, (uint32_t)keysize, + nentry); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, + ISC_LOG_ERROR, + "catz: error adding zone '%s' " + "from catalog '%s' - %s", + zname, czname, + isc_result_totext(result)); + } continue; } - dns_zone_detach(&zone); if (dns_catz_entry_cmp(oentry, nentry) != true) { - catz_entry_add_or_mod(target, tomod, key, keysize, - nentry, oentry, "modifying", - zname, czname); - continue; + result = isc_ht_add(tomod, key, (uint32_t)keysize, + nentry); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, + ISC_LOG_ERROR, + "catz: error modifying zone '%s' " + "from catalog '%s' - %s", + zname, czname, + isc_result_totext(result)); + } } + dns_catz_entry_detach(target, &oentry); + result = isc_ht_delete(target->entries, key, (uint32_t)keysize); + RUNTIME_CHECK(result == ISC_R_SUCCESS); } RUNTIME_CHECK(result == ISC_R_NOMORE); isc_ht_iter_destroy(&iter1); 
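Review bot: In the "modifying" branch a failed `isc_ht_add(tomod, key, (uint32_t)keysize, nentry)` is only logged, and control then falls through to `dns_catz_entry_detach(target, &oentry)` and `isc_ht_delete(target->entries, key, (uint32_t)keysize)`, so on that path the old entry is dropped although the new one was never queued. Whether that is harmless depends on what the code after the loop does with `tomod` and `target->entries`, which is outside the hunk. If it is intended, a comment before the detach such as `/* the old entry is dropped even when queuing the modification failed */` would make it explicit. The loop header and the rest of `dns_catz_zones_merge` are also outside the hunk.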
@@ -1390,26 +1386,6 @@ catz_process_zones_suboption(dns_catz_zone_t *zone, dns_rdataset_t *value, return (ISC_R_FAILURE); } -static inline void -catz_entry_add_or_mod(dns_catz_zone_t *target, isc_ht_t *ht, unsigned char *key, - size_t keysize, dns_catz_entry_t *nentry, - dns_catz_entry_t *oentry, const char *msg, - const char *zname, const char *czname) { - isc_result_t result = isc_ht_add(ht, key, (uint32_t)keysize, nentry); - - if (result != ISC_R_SUCCESS) { - isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, - "catz: error %s zone '%s' from catalog '%s' - %s", - msg, zname, czname, isc_result_totext(result)); - } - if (oentry != NULL) { - dns_catz_entry_detach(target, &oentry); - result = isc_ht_delete(target->entries, key, (uint32_t)keysize); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - } -} - static isc_result_t catz_process_value(dns_catz_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) {