apply max-recursion-queries quota to validator queries
authorEvan Hunt <each@isc.org>
Wed, 22 May 2024 22:17:47 +0000 (15:17 -0700)
committerEvan Hunt <each@isc.org>
Wed, 7 Aug 2024 22:36:09 +0000 (15:36 -0700)
previously, validator queries for DNSKEY and DS records were
not counted toward the quota for max-recursion-queries; they
are now.

(cherry picked from commit af7db8951364a89c468eda1535efb3f53adc2c1f)

lib/dns/include/dns/validator.h
lib/dns/resolver.c
lib/dns/validator.c

index 352a60a6a09d6b444fa20115f871eca2c80dfdfe..2c758833f0bf11dd3ac66946c7795703c21af6f4 100644 (file)
@@ -144,12 +144,13 @@ struct dns_validator {
        dns_fixedname_t       wild;
        dns_fixedname_t       closest;
        ISC_LINK(dns_validator_t) link;
-       bool          mustbesecure;
-       unsigned int  depth;
-       unsigned int  authcount;
-       unsigned int  authfail;
-       bool          failed;
-       isc_stdtime_t start;
+       bool           mustbesecure;
+       unsigned int   depth;
+       unsigned int   authcount;
+       unsigned int   authfail;
+       bool           failed;
+       isc_stdtime_t  start;
+       isc_counter_t *qc;
 };
 
 /*%
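Review bot: The new `isc_counter_t *qc;` member of struct dns_validator has no comment, and the documentation block under the changed dns_validator_create() prototype (next hunk, continuing outside it) is not visibly updated for the new argument. I would add a field comment along the lines of `/* query counter shared with the originating fetch; may be NULL */`. The prototype's doc block should also gain a sentence saying that `qc` may be NULL and that the validator takes its own reference, which it releases when the validator is destroyed. The NULL case deserves an explicit mention because, as far as these hunks show, a caller passing NULL gets a validator with no counter attached, so work started through that path would not be charged to any quota.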
@@ -167,7 +168,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                     dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
                     dns_message_t *message, unsigned int options,
                     isc_task_t *task, isc_taskaction_t action, void *arg,
-                    dns_validator_t **validatorp);
+                    isc_counter_t *qc, dns_validator_t **validatorp);
 /*%<
  * Start a DNSSEC validation.
  *
index 0b22397ad5178fda2c4352502f7ef5ba9dbea573..83ae50b782ad3558a94122623ab06eeb0aecd9a9 100644 (file)
@@ -974,7 +974,7 @@ valcreate(fetchctx_t *fctx, dns_message_t *message, dns_adbaddrinfo_t *addrinfo,
 
        result = dns_validator_create(fctx->res->view, name, type, rdataset,
                                      sigrdataset, message, valoptions, task,
-                                     validated, valarg, &validator);
+                                     validated, valarg, fctx->qc, &validator);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
        if (result == ISC_R_SUCCESS) {
                inc_stats(fctx->res, dns_resstatscounter_val);
index 62647270a075064c4b0a17daf21525c764fb25e7..696a464ec15a8a6fc1ceb9f8bbc3f2d3127e0603 100644 (file)
@@ -15,6 +15,7 @@
 #include <stdbool.h>
 
 #include <isc/base32.h>
+#include <isc/counter.h>
 #include <isc/md.h>
 #include <isc/mem.h>
 #include <isc/print.h>
@@ -1091,7 +1092,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        validator_logcreate(val, name, type, caller, "validator");
        result = dns_validator_create(val->view, name, type, rdataset, sig,
                                      NULL, vopts, val->task, action, val,
-                                     &val->subvalidator);
+                                     val->qc, &val->subvalidator);
        if (result == ISC_R_SUCCESS) {
                val->subvalidator->parent = val;
                val->subvalidator->depth = val->depth + 1;
@@ -3152,7 +3153,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                     dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
                     dns_message_t *message, unsigned int options,
                     isc_task_t *task, isc_taskaction_t action, void *arg,
-                    dns_validator_t **validatorp) {
+                    isc_counter_t *qc, dns_validator_t **validatorp) {
        isc_result_t result = ISC_R_FAILURE;
        dns_validator_t *val;
        isc_task_t *tclone = NULL;
@@ -3193,6 +3194,10 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
                goto cleanup;
        }
 
+       if (qc != NULL) {
+               isc_counter_attach(qc, &val->qc);
+       }
+
        val->mustbesecure = dns_resolver_getmustbesecure(view->resolver, name);
        dns_rdataset_init(&val->fdsset);
        dns_rdataset_init(&val->frdataset);
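Review bot: The counter is attached to `val->qc` here and forwarded to sub-validators in create_validator(), but no hunk on this page increments it or passes it to the fetches the validator issues for DNSKEY and DS records. From what is visible, the quota is stored without being enforced. If the fetch-creation call in validator.c is not changed elsewhere in this commit, it needs to receive `val->qc`, and a test that exhausts max-recursion-queries during validation would pin the intended behaviour. Separately, when `qc` is NULL nothing in this hunk assigns `val->qc`, yet destroy() tests `val->qc != NULL`, so both paths depend on `*val` being zero-initialised earlier in dns_validator_create(), outside the hunk.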
@@ -3297,6 +3302,9 @@ destroy(dns_validator_t *val) {
        if (val->siginfo != NULL) {
                isc_mem_put(mctx, val->siginfo, sizeof(*val->siginfo));
        }
+       if (val->qc != NULL) {
+               isc_counter_detach(&val->qc);
+       }
        isc_mutex_destroy(&val->lock);
        dns_view_weakdetach(&val->view);
        isc_mem_put(mctx, val, sizeof(*val));