4038. [bug] Add 'rpz' flag to node and use it to determine whether

                        to call dns_rpz_delete.  This should prevent unbalanced
                        add / delete calls. [RT #36888

(cherry picked from commit cc0a48a38173637f7a833e2da52bcfbcecb960b4)

diff --git a/CHANGES b/CHANGES
index 38279b732a37445f36cf8816a1f292a8e456afe4..514a04f8d18f4b78bdbc1389468d06d39b6d10d7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4038.  [bug]           Add 'rpz' flag to node and use it to determine whether
+                       to call dns_rpz_delete.  This should prevent unbalanced
+                       add / delete calls. [RT #36888]
+
 4037.  [bug]           also-notify was ignoring the tsig key when checking
                        for duplicates resulting in some expected notify
                        messages not being sent. [RT #38369]

diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 34c7f7ef961489f8bbfb24bc721bdb56d37c8585..7c3a5e7ad7c8668ba862ca10e0f5856327530a22 100644 (file)
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -126,6 +126,9 @@ struct dns_rbtnode {
        unsigned int down_is_relative : 1;
        unsigned int data_is_relative : 1;
 
+       /* node needs to be cleaned from rpz */
+       unsigned int rpz : 1;
+
 #ifdef DNS_RBT_USEHASH
        unsigned int hashval;
 #endif

diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 7a440274aafdcb87152c6c45987cf5adc6d37e26..2ad3b782c28822cc5f51af7047655091e112a9ef 100644 (file)
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -2186,6 +2186,7 @@ create_node(isc_mem_t *mctx, dns_name_t *name, dns_rbtnode_t **nodep) {
        node->right_is_relative = 0;
        node->parent_is_relative = 0;
        node->data_is_relative = 0;
+       node->rpz = 0;
 
 #ifdef DNS_RBT_USEHASH
        HASHNEXT(node) = NULL;

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index d491b6a45a062d2de7ae98ec157c2490424b53fe..36d9c7291406c13abdceaea8118360f36f92ca5b 100644 (file)
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -1834,7 +1834,7 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node)
 
        switch (node->nsec) {
        case DNS_RBT_NSEC_NORMAL:
-               if (rbtdb->rpzs != NULL) {
+               if (rbtdb->rpzs != NULL && node->rpz) {
                        dns_fixedname_init(&fname);
                        name = dns_fixedname_name(&fname);
                        dns_rbt_fullnamefromnode(node, name);
@@ -1873,9 +1873,9 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node)
                                              isc_result_totext(result));
                        }
                }
-               result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
-               if (rbtdb->rpzs != NULL)
+               if (rbtdb->rpzs != NULL && node->rpz)
                        dns_rpz_delete(rbtdb->rpzs, rbtdb->rpz_num, name);
+               result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
                break;
        case DNS_RBT_NSEC_NSEC:
                result = dns_rbt_deletenode(rbtdb->nsec, node, ISC_FALSE);
@@ -2901,6 +2901,8 @@ findnodeintree(dns_rbtdb_t *rbtdb, dns_rbt_t *tree, dns_name_t *name,
                fname = dns_fixedname_name(&fnamef);
                dns_rbt_fullnamefromnode(node, fname);
                result = dns_rpz_add(rbtdb->rpzs, rbtdb->rpz_num, fname);
+               if (result == ISC_R_SUCCESS)
+                       node->rpz = 1;
                if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS) {
                        /*
                         * It is too late to give up, so merely complain.
@@ -7063,7 +7065,9 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep,
        if (rbtdb->rpzs != NULL && noderesult == ISC_R_SUCCESS) {
                noderesult = dns_rpz_add(rbtdb->load_rpzs, rbtdb->rpz_num,
                                         name);
-               if (noderesult != ISC_R_SUCCESS) {
+               if (noderesult == ISC_R_SUCCESS) {
+                       node->rpz = 1;
+               } else  {
                        /*
                         * Remove the node we just added above.
                         */
@@ -7121,6 +7125,11 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep,
        }
 
        if (noderesult == ISC_R_SUCCESS) {
+               /*
+                * Clean rpz entries added above.
+                */
+               if (rbtdb->rpzs != NULL && node->rpz)
+                       dns_rpz_delete(rbtdb->load_rpzs, rbtdb->rpz_num, name);
                /*
                 * Remove the node we just added above.
                 */
@@ -7135,8 +7144,6 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep,
                                      "dns_rbt_addnode(NSEC): %s",
                                      isc_result_totext(tmpresult),
                                      isc_result_totext(noderesult));
-               if (rbtdb->rpzs != NULL && noderesult == ISC_R_SUCCESS)
-                       dns_rpz_delete(rbtdb->load_rpzs, rbtdb->rpz_num, name);
        }
 
        /*