GitLab

The code checking for both static keys and initializing keys being configured for the same domain is unreliable because it calls isc_symtab_define() with the key parameter pointing to a stack-allocated variable. Meanwhile, symtab docs say:

The symbol table library does not make a copy the key field, so the caller must ensure that any key it passes to isc_symtab_define() will not change until it calls isc_symtab_undefine() or isc_symtab_destroy().

This issue manifests itself e.g. by named-checkconf failing to raise a configuration error for at least some configurations which intentionally contain both static and initializing keys for the same domain (e.g. bin/tests/system/checkconf/bad-duplicate-key.conf). If the namebuf local variable in record_static_keys() has a close, but not identical address as the namebuf local variable in check_initializing_keys(), lookups for previously defined symtab entries will fail when they should succeed - but this is just one possible failure mode.

The solution here is to ensure what the docs ask the developer to ensure (e.g. use isc_mem_strdup() for the keys passed to isc_symtab_define() and then clean the copies up properly when isc_mem_destroy() is called).