From: Mukund Sivaraman
Date: Fri, 21 Apr 2017 11:43:45 +0000 (+0530)
Subject: Adjust RPZ trigger counts only when the entry being deleted exists (#43386)
X-Git-Tag: v9.10.6b1~117
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=3f8245a08f8a071d969ae9e3d634deb93ee77c2a;p=thirdparty%2Fbind9.git
Adjust RPZ trigger counts only when the entry being deleted exists (#43386)
(cherry picked from commit f23c10f925bb56529b7b472b147ec657c73e40e3)
(cherry picked from commit 9a8b2b3ab35fbbdf03acba32dade90ad91f75742)
---
diff --git a/CHANGES b/CHANGES
index 8b78c0a2a8f..546c29c6d95 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4600. [bug] Adjust RPZ trigger counts only when the entry
+ being deleted exists. [RT #43386]
+
 4599. [bug] Fix inconsistencies in inline signing time comparison that were introduced with the introduction of rdatasetheader->resign_lsb.
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 2afb2ea834d..c9350daf73e 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -1902,7 +1902,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
 name = dns_fixedname_name(&fname);
 dns_rbt_fullnamefromnode(node, name);
+ /*
+ * dns_rbt_deletenode() may keep the node if it has a
+ * down pointer, but we mustn't call dns_rpz_delete() on
+ * it again.
+ */
 node_has_rpz = node->rpz;
+ node->rpz = 0;
 result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
 if (result == ISC_R_SUCCESS && rbtdb->rpzs != NULL && node_has_rpz)
@@ -1939,7 +1945,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
 isc_result_totext(result));
 }
 }
+ /*
+ * dns_rbt_deletenode() may keep the node if it has a
+ * down pointer, but we mustn't call dns_rpz_delete() on
+ * it again.
+ */
 node_has_rpz = node->rpz;
+ node->rpz = 0;
 result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
 if (result == ISC_R_SUCCESS && rbtdb->rpzs != NULL && node_has_rpz)
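Review bot: In both delete_node() hunks `node->rpz = 0;` runs before `dns_rbt_deletenode()`, so when that call returns anything other than ISC_R_SUCCESS the node presumably stays in the tree with its flag cleared although `dns_rpz_delete()` was never run for it. The RPZ summary data would then hold a trigger that no later delete of this node can remove, leaving policy state and trigger counts out of step with the zone data. Consider restoring the flag on the failure path, e.g. `if (result != ISC_R_SUCCESS) node->rpz = node_has_rpz;`, provided the node is still valid there, which the hunks do not show. The same sequence appears in the loadnode() hunk at -7141, and because the explanatory comment is pasted in all three places a small static helper would keep it in one spot. delete_node() starts and ends outside these hunks.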
@@ -7141,8 +7153,12 @@ loadnode(dns_rbtdb_t *rbtdb, dns_name_t *name, dns_rbtnode_t **nodep,
 /*
 * Remove the node we just added above.
+ * dns_rbt_deletenode() may keep the node if it has a
+ * down pointer, but we mustn't call dns_rpz_delete() on
+ * it again.
 */
 node_has_rpz = node->rpz;
+ node->rpz = 0;
 tmpresult = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE);
 if (tmpresult == ISC_R_SUCCESS) {
 /*
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 56768756471..10e25ce8349 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -2025,6 +2025,7 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
 dns_rbtnode_t *nmnode;
 dns_rpz_nm_data_t *nm_data, del_data;
 isc_result_t result;
+ isc_boolean_t exists;
 /*
 * We need a summary database of names even with 1 policy zone,
@@ -2068,6 +2069,9 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
 del_data.wild.qname &= nm_data->wild.qname;
 del_data.wild.ns &= nm_data->wild.ns;
+ exists = ISC_TF(del_data.set.qname != 0 || del_data.set.ns != 0 ||
+ del_data.wild.qname != 0 || del_data.wild.ns != 0);
+
 nm_data->set.qname &= ~del_data.set.qname;
 nm_data->set.ns &= ~del_data.set.ns;
 nm_data->wild.qname &= ~del_data.wild.qname;
@@ -2088,7 +2092,8 @@ del_name(dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num,
 }
 }
- adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, ISC_FALSE);
+ if (exists)
+ adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, ISC_FALSE);
 }
 /*
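Review bot: The `if (exists)` guard at the end of del_name() turns a delete for a trigger that is absent from the summary data into a silent no-op, and nothing beside the `exists =` assignment says why the counters must be skipped. A comment above the assignment, e.g. `/* Adjust trigger counts only if the bits being removed were actually set in nm_data. */`, would record the intent. A debug-level log message in the not-found case would make a mismatch between the zone database and the RPZ summary visible to operators instead of hiding it. The commit as shown touches only CHANGES, rbtdb.c and rpz.c, so a regression test that deletes a non-existent trigger and checks the counts afterwards looks to be missing. del_name() starts and ends outside these hunks.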