1. 05 Aug, 2020 2 commits
  2. 27 Jul, 2020 1 commit
    • Fix rpz wildcard name matching · 33ae88f0
      Diego Fronza authored
      Whenever an exact match is found by dns_rbt_findnode(),
      the highest level node in the chain will not be put into
      chain->levels[] array, but instead the chain->end
      pointer will be adjusted to point to that node.
      
      Suppose we have the following entries in a rpz zone:
      example.com     CNAME rpz-passthru.
      *.example.com   CNAME rpz-passthru.
      
      A query for www.example.com would result in the
      following chain object returned by dns_rbt_findnode():
      
      chain->level_count = 2
      chain->level_matches = 2
      chain->levels[0] = .
      chain->levels[1] = example.com
      chain->levels[2] = NULL
      chain->end = www
      
      Since exact matches only care for testing rpz set bits,
      we need to test for rpz wild bits through iterating the nodechain, and
      that includes testing the rpz wild bits in the highest level node found.
      
      In the case of an exact match, chain->levels[chain->level_matches]
      will be NULL; to address that we must use chain->end as the start point,
      then iterate over the remaining levels in the chain.
      33ae88f0
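A simplified model of the chain walk described in the commit message above, added here as an illustration and not taken from BIND's source. The struct layout, the placement of the `wild` flag on the parent node of `*.example.com`, the early stop on a NULL level in the "before" walker, and all function names are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LEVELS 4

/* Model node: "set" = policy on this exact name, "wild" = "*.<name>" exists. */
typedef struct { const char *label; bool set; bool wild; } node_t;

typedef struct {
    unsigned level_count, level_matches;
    node_t *levels[MAX_LEVELS];
    node_t *end;
} chain_t;

/* Before (assumed): start at levels[level_matches]; a NULL entry there,
 * as left by an exact match, ends the walk before any wild bit is tested. */
static bool wild_hit_before(const chain_t *c) {
    for (int i = (int)c->level_matches; i >= 0; i--) {
        const node_t *n = c->levels[i];
        if (n == NULL) break;
        if (n->wild) return true;
    }
    return false;
}

/* After: on an exact match start from chain->end, then walk the remaining levels. */
static bool wild_hit_after(const chain_t *c) {
    int i = (int)c->level_matches;
    const node_t *n = c->levels[i];
    if (n == NULL) n = c->end;
    while (n != NULL) {
        if (n->wild) return true;
        i--;
        n = (i >= 0) ? c->levels[i] : NULL;
    }
    return false;
}

/* Constructed sample: the chain the message lists for www.example.com. */
static node_t root = { ".", false, false };
static node_t apex = { "example.com", true, true };
static node_t www  = { "www", false, false };

static chain_t sample_chain(void) {
    chain_t c = { 2, 2, { &root, &apex, NULL }, &www };
    return c;
}

int main(void) {
    chain_t c = sample_chain();
    printf("before=%d after=%d\n", wild_hit_before(&c), wild_hit_after(&c));
    return 0;
}
```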
  3. 24 Jul, 2020 2 commits
  4. 15 Jul, 2020 1 commit
  5. 14 Jul, 2020 1 commit
  6. 13 Jul, 2020 3 commits
  7. 10 Jul, 2020 1 commit
    • Fix locking for LMDB 0.9.26 · 25818ac8
      Michał Kępień authored
      When "rndc reconfig" is run, named first configures a fresh set of views
      and then tears down the old views.  Consider what happens for a single
      view with LMDB enabled; "envA" is the pointer to the LMDB environment
      used by the original/old version of the view, "envB" is the pointer to
      the same LMDB environment used by the new version of that view:
      
       1. mdb_env_open(envA) is called when the view is first created.
       2. "rndc reconfig" is called.
       3. mdb_env_open(envB) is called for the new instance of the view.
       4. mdb_env_close(envA) is called for the old instance of the view.
      
      This seems to have worked so far.  However, an upstream change [1] in
      LMDB which will be part of its 0.9.26 release prevents the above
      sequence of calls from working as intended because the locktable mutexes
      will now get destroyed by the mdb_env_close() call in step 4 above,
      causing any subsequent mdb_txn_begin() calls to fail (because all of the
      above steps are happening within a single named process).
      
      Preventing the above scenario from happening would require either
      redesigning the way we use LMDB in BIND, which is not something we can
      easily backport, or redesigning the way BIND carries out its
      reconfiguration process, which would be an even more severe change.
      
      To work around the problem, set MDB_NOLOCK when calling mdb_env_open()
      to stop LMDB from controlling concurrent access to the database and do
      the necessary locking in named instead.  Reuse the view->new_zone_lock
      mutex for this purpose to prevent the need for modifying struct dns_view
      (which would necessitate library API version bumps).  Drop use of
      MDB_NOTLS as it is made redundant by MDB_NOLOCK: MDB_NOTLS only affects
      where LMDB reader locktable slots are stored while MDB_NOLOCK prevents
      the reader locktable from being used altogether.
      
      [1] https://git.openldap.org/openldap/openldap/-/commit/2fd44e325195ae81664eb5dc36e7d265927c5ebc
      
      (cherry picked from commit 53120279)
      25818ac8
  8. 08 Jul, 2020 1 commit
  9. 01 Jul, 2020 1 commit
  10. 26 Jun, 2020 1 commit
  11. 25 Jun, 2020 2 commits
  12. 22 Jun, 2020 1 commit
  13. 18 Jun, 2020 2 commits
  14. 12 Jun, 2020 1 commit
  15. 06 Jun, 2020 1 commit
    • Fix a data access race in resolver · b0707ebb
      Witold Krecicki authored
      We were passing client address to dns_resolver_createfetch as a pointer
      and it was saved as a pointer. The client (with its address) could be
      gone before the fetch is finished, and in a very odd scenario
      log_formerr would call isc_sockaddr_format() which first checks if the
      address family is valid (and at this point it still is), then the
      sockaddr is cleared, and then isc_netaddr_fromsockaddr is called which
      fails an assertion as the address family is now invalid.
      
      (cherry picked from commit 175c4d90)
      b0707ebb
  16. 05 Jun, 2020 1 commit
  17. 03 Jun, 2020 2 commits
    • Change the invalid CIDR from parser error to warning · 7e2d9531
      Ondřej Surý authored
      In [RT #43367], BIND 9 changed the strictness of address / prefix
      length checks:
      
          Check prefixes in acls to make sure the address and
          prefix lengths are consistent.  Warn only in
          BIND 9.11 and earlier.
      
      Unfortunately, a regression slipped in and the check was made an error
      also in BIND 9.11.  This commit fixes the regression by turning
      the error into a warning.
      7e2d9531
    • tests: fix isc/socket_test.c teardown · c6ec2aae
      Witold Krecicki authored
      In case of a test failure we weren't tearing down sockets and tasks
      properly, causing the test to hang instead of failing nicely.
      
      (cherry picked from commit 4a8d9250)
      c6ec2aae
  18. 27 May, 2020 1 commit
  19. 19 May, 2020 4 commits
  20. 13 May, 2020 2 commits
  21. 12 May, 2020 1 commit
  22. 06 May, 2020 1 commit
  23. 04 May, 2020 1 commit
    • Fix outstanding cppcheck errors · 7e76da18
      Evan Hunt authored
      lib/dns/sdb.c:1145:warning: Either the condition '(sdb)!=((void*)0)' is
      redundant or there is possible null pointer dereference: sdb."
      
      lib/dns/sdb.c:1208: Either the condition '(node)!=((void*)0)' is
      redundant or there is possible null pointer dereference: sdbnode.
      7e76da18
  24. 01 May, 2020 1 commit
    • Mimic nzf_append from bin/named/server.c · 48f7566b
      Mark Andrews authored
      nzf_append is conditionally compiled and this is intended to
      catch errors introduced by changes to the called functions on all
      systems before the changes are run through the CI.
      
      (cherry picked from commit a66c6fc8)
      48f7566b
  25. 30 Apr, 2020 1 commit
  26. 20 Apr, 2020 1 commit
  27. 16 Apr, 2020 3 commits
    • Tweak library API versions · 255be080
      Michał Kępień authored
      255be080
    • _getcwd() on Windows needs direct.h header · 5e2d1991
      Ondřej Surý authored
      The _getcwd() compatibility function on Microsoft CRT requires the direct.h
      header to pull in a proper function prototype.
      
      The (misleading) warning generated:
      
        bin\named\server.c(1074): warning C4047: '==': 'int' differs in levels of indirection from 'void *'
      5e2d1991
    • Disable C4090 in libisccfg · ebb61658
      Ondřej Surý authored
      MSVC detects a mismatch of const qualifiers in cfg_map_{first,next}clause
      functions just in BIND 9.11.  As this is harmless in this particular
      case, just disable the warning for these two functions.
      
      The warnings reported:
      
        lib\isccfg\parser.c(2160): warning C4090: '=': different 'const' qualifiers
        lib\isccfg\parser.c(2184): warning C4090: '=': different 'const' qualifiers
      ebb61658