auth, check return value of getCatalogMembers()

author Kees Monshouwer <mind04@monshouwer.org>

Tue, 28 Jan 2025 17:33:20 +0000 (18:33 +0100)

committer Miod Vallat <miod.vallat@open-xchange.com>

Mon, 3 Feb 2025 09:47:44 +0000 (10:47 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Tue, 28 Jan 2025 17:33:20 +0000 (18:33 +0100)
committer Miod Vallat <miod.vallat@open-xchange.com>
Mon, 3 Feb 2025 09:47:44 +0000 (10:47 +0100)
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc

index 12db956bb758ce9ebc99948ff1cfb7d8d59235ec..31aaa42ca85802ae30493f53d347058006915ebd 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -582,6 +582,7 @@ namespace {
  
  
  /** do the actual zone transfer. Return 0 in case of error, 1 in case of success */
+// NOLINTNEXTLINE(readability-function-cognitive-complexity)
  int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr<DNSPacket>& q, int outsock)
  {
    string logPrefix="AXFR-out zone '"+target.toLogString()+"', client '"+q->getRemoteString()+"', ";
@@ -789,7 +790,12 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr<DNSPacket>& q,
      zrrs.emplace_back(CatalogInfo::getCatalogVersionRecord(target));
  
      vector<CatalogInfo> members;
-    sd.db->getCatalogMembers(target, members, CatalogInfo::CatalogType::Producer);
+    if (!sd.db->getCatalogMembers(target, members, CatalogInfo::CatalogType::Producer)) {
+      g_log << Logger::Error << logPrefix << "getting catalog members failed, aborting AXFR" << endl;
+      outpacket->setRcode(RCode::ServFail);
+      sendPacket(outpacket, outsock);
+      return 0;
+    }
      for (const auto& ci : members) {
        ci.toDNSZoneRecords(target, zrrs);
      }
author	Kees Monshouwer <mind04@monshouwer.org>
	Tue, 28 Jan 2025 17:33:20 +0000 (18:33 +0100)
committer	Miod Vallat <miod.vallat@open-xchange.com>
	Mon, 3 Feb 2025 09:47:44 +0000 (10:47 +0100)