From: Diego Fronza <diego@isc.org>
Date: Thu, 11 Feb 2021 14:32:20 +0000 (-0300)
Subject: Fix dangling references to outdated views after reconfig
X-Git-Tag: v9.17.11~53^2~2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=30729c7013d0ea2f7eac85f44129df33fb28aaa3;p=thirdparty%2Fbind9.git

Fix dangling references to outdated views after reconfig

This commit fix a leak which was happening every time an inline-signed
zone was added to the configuration, followed by a rndc reconfig.

During the reconfig process, the secure version of every inline-signed
zone was "moved" to a new view upon a reconfig and it "took the raw
version along", but only once the secure version was freed (at shutdown)
was prev_view for the raw version detached from, causing the old view to
be released as well.

This caused dangling references to be kept for the previous view, thus
keeping all resources used by that view in memory.
---

diff --git a/bin/named/server.c b/bin/named/server.c
index e4e80f6f810..c2afd5523a0 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -7975,7 +7975,6 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
 	isc_result_t result2;
 	dns_view_t *pview = NULL;
 	dns_zone_t *zone = NULL;
-	dns_zone_t *raw = NULL;
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	origin = dns_fixedname_initname(&fixorigin);
@@ -7997,22 +7996,10 @@ configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig,
 		return;
 	}
 
-	dns_zone_getraw(zone, &raw);
-
 	if (result == ISC_R_SUCCESS) {
 		dns_zone_setviewcommit(zone);
-		if (raw != NULL) {
-			dns_zone_setviewcommit(raw);
-		}
 	} else {
 		dns_zone_setviewrevert(zone);
-		if (raw != NULL) {
-			dns_zone_setviewrevert(raw);
-		}
-	}
-
-	if (raw != NULL) {
-		dns_zone_detach(&raw);
 	}
 
 	dns_zone_detach(&zone);
diff --git a/bin/tests/system/views/ns2/named1.conf.in b/bin/tests/system/views/ns2/named1.conf.in
index 4ad0e557e3f..64ac6fa8d99 100644
--- a/bin/tests/system/views/ns2/named1.conf.in
+++ b/bin/tests/system/views/ns2/named1.conf.in
@@ -41,3 +41,11 @@ zone "example" {
 	file "example.db";
 	allow-update { any; };
 };
+
+zone "inline" {
+	type primary;
+	file "external/inline.db";
+	key-directory "external";
+	auto-dnssec maintain;
+	inline-signing yes;
+};
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index b0120ec4e35..0269a9b42d5 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1616,6 +1616,9 @@ dns_zone_setviewcommit(dns_zone_t *zone) {
 	if (zone->prev_view != NULL) {
 		dns_view_weakdetach(&zone->prev_view);
 	}
+	if (inline_secure(zone)) {
+		dns_zone_setviewcommit(zone->raw);
+	}
 	UNLOCK_ZONE(zone);
 }
 
@@ -1628,6 +1631,9 @@ dns_zone_setviewrevert(dns_zone_t *zone) {
 		dns_zone_setview_helper(zone, zone->prev_view);
 		dns_view_weakdetach(&zone->prev_view);
 	}
+	if (inline_secure(zone)) {
+		dns_zone_setviewrevert(zone->raw);
+	}
 	UNLOCK_ZONE(zone);
 }