]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Only update foundname if returning DNS_R_COVERINGNSEC
authorMark Andrews <marka@isc.org>
Wed, 16 Feb 2022 08:20:25 +0000 (19:20 +1100)
committerMichał Kępień <michal@isc.org>
Wed, 16 Mar 2022 21:11:49 +0000 (22:11 +0100)
'setup_delegation' depends on 'foundname' being the value returned
by 'dns_rbt_findnode' in the cache and 'find_coveringnsec' was
modifying 'foundname' when a covering NSEC was not found.

lib/dns/rbtdb.c

index df79f5de6426ced05ad40840a75043fdf541ae94..94b557fc05ab359e963ccfcb5d2688ed82894a5f 100644 (file)
@@ -4760,24 +4760,28 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 
 /*
  * Look for a potentially covering NSEC in the cache where `name`
- * is known to not exist.  This uses the auxiliary NSEC tree to find
- * the potential NSEC owner.
+ * is known not to exist.  This uses the auxiliary NSEC tree to find
+ * the potential NSEC owner. If found, we update 'foundname', 'nodep',
+ * 'rdataset' and 'sigrdataset', and return DNS_R_COVERINGNSEC.
+ * Otherwise, return ISC_R_NOTFOUND.
  */
 static isc_result_t
 find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
                  dns_dbnode_t **nodep, isc_stdtime_t now,
                  dns_name_t *foundname, dns_rdataset_t *rdataset,
                  dns_rdataset_t *sigrdataset) {
-       dns_fixedname_t fprefix, forigin, ftarget;
-       dns_name_t *prefix, *origin, *target;
+       dns_fixedname_t fprefix, forigin, ftarget, fixed;
+       dns_name_t *prefix = NULL, *origin = NULL;
+       dns_name_t *target = NULL, *fname = NULL;
        dns_rbtnode_t *node = NULL;
        dns_rbtnodechain_t chain;
        isc_result_t result;
        isc_rwlocktype_t locktype;
-       nodelock_t *lock;
+       nodelock_t *lock = NULL;
        rbtdb_rdatatype_t matchtype, sigmatchtype;
-       rdatasetheader_t *found, *foundsig;
-       rdatasetheader_t *header, *header_next, *header_prev;
+       rdatasetheader_t *found = NULL, *foundsig = NULL;
+       rdatasetheader_t *header = NULL;
+       rdatasetheader_t *header_next = NULL, *header_prev = NULL;
 
        /*
         * Look for the node in the auxilary tree.
@@ -4794,6 +4798,7 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
        prefix = dns_fixedname_initname(&fprefix);
        origin = dns_fixedname_initname(&forigin);
        target = dns_fixedname_initname(&ftarget);
+       fname = dns_fixedname_initname(&fixed);
 
        locktype = isc_rwlocktype_read;
        matchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_nsec, 0);
@@ -4818,16 +4823,12 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
         * Lookup the predecessor in the main tree.
         */
        node = NULL;
-       result = dns_rbt_findnode(search->rbtdb->tree, target, foundname, &node,
+       result = dns_rbt_findnode(search->rbtdb->tree, target, fname, &node,
                                  NULL, DNS_RBTFIND_EMPTYDATA, NULL, NULL);
        if (result != ISC_R_SUCCESS) {
                return (ISC_R_NOTFOUND);
        }
 
-       found = NULL;
-       foundsig = NULL;
-       header_prev = NULL;
-
        lock = &(search->rbtdb->node_locks[node->locknum].lock);
        NODE_LOCK(lock, locktype);
        for (header = node->data; header != NULL; header = header_next) {
@@ -4862,6 +4863,9 @@ find_coveringnsec(rbtdb_search_t *search, const dns_name_t *name,
                                      locktype, sigrdataset);
                }
                new_reference(search->rbtdb, node, locktype);
+
+               dns_name_copy(fname, foundname);
+
                *nodep = node;
                result = DNS_R_COVERINGNSEC;
        } else {