Commit 21a7fde6 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] handle servfail at DLZ zone apex

3522.	[bug]		DLZ lookups could fail to return SERVFAIL when
			they ought to. [RT #32685]
parent b7e6fc2a
3522. [bug] DLZ lookups could fail to return SERVFAIL when
they ought to. [RT #32685]
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249] 3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
3520. [bug] 'mctx' was not being referenced counted in some places 3520. [bug] 'mctx' was not being referenced counted in some places
......
...@@ -233,7 +233,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], ...@@ -233,7 +233,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
struct dlz_example_data *state; struct dlz_example_data *state;
const char *helper_name; const char *helper_name;
va_list ap; va_list ap;
char soa_data[200]; char soa_data[1024];
const char *extra; const char *extra;
isc_result_t result; isc_result_t result;
int n; int n;
...@@ -359,6 +359,18 @@ dlz_findzonedb(void *dbdata, const char *name, ...@@ -359,6 +359,18 @@ dlz_findzonedb(void *dbdata, const char *name,
strncmp(addrbuf, "10.53.0.1", 9) == 0) strncmp(addrbuf, "10.53.0.1", 9) == 0)
return (ISC_R_NOMORE); return (ISC_R_NOMORE);
/*
* For bigcname.domain, return success so it appears to be
* the zone origin; this regression tests a bug in which
* zone origin nodes could fail to return SERVFAIL to the client.
*/
if (strcasecmp(name, "bigcname.domain") == 0)
return (ISC_R_SUCCESS);
/*
* Return success if we have an exact match between the
* zone name and the qname
*/
if (strcasecmp(state->zone_name, name) == 0) if (strcasecmp(state->zone_name, name) == 0)
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
...@@ -418,7 +430,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata, ...@@ -418,7 +430,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
return (result); return (result);
} }
if (strcmp(name, "too-long") == 0) { if (strcmp(name, "too-long") == 0 ||
strcmp(zone, "bigcname.domain") == 0)
{
for (i = 0; i < 511; i++) for (i = 0; i < 511; i++)
buf[i] = 'x'; buf[i] = 'x';
buf[i] = '\0'; buf[i] = '\0';
......
...@@ -143,4 +143,11 @@ grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1 ...@@ -143,4 +143,11 @@ grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed" [ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret` status=`expr $status + $ret`
ret=0
echo "I:testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`
exit $status exit $status
...@@ -613,7 +613,10 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create, ...@@ -613,7 +613,10 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
MAYBE_UNLOCK(sdlz->dlzimp); MAYBE_UNLOCK(sdlz->dlzimp);
if (result != ISC_R_SUCCESS && !isorigin && !create) { if (result == ISC_R_NOTFOUND && (isorigin || create))
result = ISC_R_SUCCESS;
if (result != ISC_R_SUCCESS) {
destroynode(node); destroynode(node);
return (result); return (result);
} }
...@@ -625,7 +628,8 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create, ...@@ -625,7 +628,8 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
sdlz->dbdata, node); sdlz->dbdata, node);
MAYBE_UNLOCK(sdlz->dlzimp); MAYBE_UNLOCK(sdlz->dlzimp);
if (result != ISC_R_SUCCESS && if (result != ISC_R_SUCCESS &&
result != ISC_R_NOTIMPLEMENTED) { result != ISC_R_NOTIMPLEMENTED)
{
destroynode(node); destroynode(node);
return (result); return (result);
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment