Fix dangling references to outdated views after reconfig

This commit fix a leak which was happening every time an inline-signed
zone was added to the configuration, followed by a rndc reconfig.

During the reconfig process, the secure version of every inline-signed
zone was "moved" to a new view upon a reconfig and it "took the raw
version along", but only once the secure version was freed (at shutdown)
was prev_view for the raw version detached from, causing the old view to
be released as well.

This caused dangling references to be kept for the previous view, thus
keeping all resources used by that view in memory.

diff --git a/bin/named/server.c b/bin/named/server.c
index 6050e476c00c59aac64261ec96d82b21cc2379b7..8a8ed1cc9d66df0961514ecd9901cd120989a320 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -7789,7 +7789,6 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
        isc_result_t result2;
        dns_view_t *pview = NULL;
        dns_zone_t *zone = NULL;
-       dns_zone_t *raw = NULL;
 
        zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
        origin = dns_fixedname_initname(&fixorigin);
@@ -7811,22 +7810,10 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
                return;
        }
 
-       dns_zone_getraw(zone, &raw);
-
        if (result == ISC_R_SUCCESS) {
                dns_zone_setviewcommit(zone);
-               if (raw != NULL) {
-                       dns_zone_setviewcommit(raw);
-               }
        } else {
                dns_zone_setviewrevert(zone);
-               if (raw != NULL) {
-                       dns_zone_setviewrevert(raw);
-               }
-       }
-
-       if (raw != NULL) {
-               dns_zone_detach(&raw);
        }
 
        dns_zone_detach(&zone);

diff --git a/bin/tests/system/views/ns2/named1.conf.in b/bin/tests/system/views/ns2/named1.conf.in
index 4ad0e557e3f90d1c6b619150eee33aa4f303bbbc..64ac6fa8d9952d05765c034694b409c59387c29d 100644 (file)
--- a/bin/tests/system/views/ns2/named1.conf.in
+++ b/bin/tests/system/views/ns2/named1.conf.in
@@ -41,3 +41,11 @@ zone "example" {
        file "example.db";
        allow-update { any; };
 };
+
+zone "inline" {
+       type primary;
+       file "external/inline.db";
+       key-directory "external";
+       auto-dnssec maintain;
+       inline-signing yes;
+};

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 9071115bb0bdc59ddfde868600d57b7bbb467c1b..38aa979cfca780e16362e5268d090be5b5532475 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1603,6 +1603,9 @@ dns_zone_setviewcommit(dns_zone_t *zone) {
        if (zone->prev_view != NULL) {
                dns_view_weakdetach(&zone->prev_view);
        }
+       if (inline_secure(zone)) {
+               dns_zone_setviewcommit(zone->raw);
+       }
        UNLOCK_ZONE(zone);
 }
 
@@ -1615,6 +1618,9 @@ dns_zone_setviewrevert(dns_zone_t *zone) {
                dns_zone_setview_helper(zone, zone->prev_view);
                dns_view_weakdetach(&zone->prev_view);
        }
+       if (inline_secure(zone)) {
+               dns_zone_setviewrevert(zone->raw);
+       }
        UNLOCK_ZONE(zone);
 }