[master] "rndc nta -r" could hang

3930.	[bug]		"rndc nta -r" could cause a server hang if the
			NTA was not found. [RT #36909]

CHANGES

+3930.	[bug]		"rndc nta -r" could cause a server hang if the
+			NTA was not found. [RT #36909]
+
 3929.	[bug]		'host -a' needed to clear idnoptions. [RT #36963]
 
 3928.	[test]		Improve rndc system test. [RT #36898]

bin/named/server.c

@@ -9870,7 +9870,7 @@ ns_server_nta(ns_server_t *server, char *args, isc_buffer_t *text) {
 	dns_fixedname_t fn;
 	dns_name_t *ntaname;
 	dns_ttl_t ntattl;
-	isc_boolean_t ttlset = ISC_FALSE;
+	isc_boolean_t ttlset = ISC_FALSE, excl = ISC_FALSE;
 
 	UNUSED(force);
 
@@ -9969,6 +9969,7 @@ ns_server_nta(ns_server_t *server, char *args, isc_buffer_t *text) {
 
 	result = isc_task_beginexclusive(server->task);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+	excl = ISC_TRUE;
 	for (view = ISC_LIST_HEAD(server->viewlist);
 	     view != NULL;
 	     view = ISC_LIST_NEXT(view, link))
@@ -10037,11 +10038,13 @@ ns_server_nta(ns_server_t *server, char *args, isc_buffer_t *text) {
 
 		isc_buffer_putuint8(text, 0);
 	}
-	isc_task_endexclusive(server->task);
 
 	if (msg != NULL)
 		(void) putstr(text, msg);
+
  cleanup:
+	if (excl)
+		isc_task_endexclusive(server->task);
 	if (ntatable != NULL)
 		dns_ntatable_detach(&ntatable);
 	return (result);

bin/tests/system/dnssec/tests.sh

@@ -1766,6 +1766,42 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed - that all nta's have been lifted"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo "I: testing NTA removals ($n)"
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta badds.example 2>&1 | sed 's/^/I:ns4 /'
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1
+grep "badds.example: expiry" rndc.out.ns4.test$n.1 > /dev/null || ret=1
+$DIG $DIGOPTS a.badds.example. a @10.53.0.4 > dig.out.ns4.test$n.1 || ret=1
+grep "^a.badds.example." dig.out.ns4.test$n.1 > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove badds.example > rndc.out.ns4.test$n.2
+grep "Negative trust anchor removed: badds.example/_default" rndc.out.ns4.test$n.2 > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.3
+grep "badds.example: expiry" rndc.out.ns4.test$n.3 > /dev/null && ret=1
+$DIG $DIGOPTS a.badds.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1
+grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null || ret=1
+echo "I: remove non-existent NTA three times"
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -r foo > rndc.out.ns4.test$n.4 2>&1
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove foo > rndc.out.ns4.test$n.5 2>&1
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -r foo > rndc.out.ns4.test$n.6 2>&1
+grep "'nta' failed: not found" rndc.out.ns4.test$n.6 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: testing NTA with bogus lifetimes ($n)"
+echo "I:check with no nta lifetime specified"
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1
+grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.1 > /dev/null || ret=1
+echo "I:check with bad nta lifetime"
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1
+grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.2 > /dev/null || ret=1
+echo "I:check with too long nta lifetime"
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l 5d23h foo > rndc.out.ns4.test$n.3 2>&1
+grep "'nta' failed: out of range" rndc.out.ns4.test$n.3 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+
 # Run a minimal update test if possible.  This is really just
 # a regression test for RT #2399; more tests should be added.