Detecting conflicts between static and initializing keys is unreliable (#1082) · Issues · ISC Open Source Projects / BIND

Detecting conflicts between static and initializing keys is unreliable

The code checking for both static keys and initializing keys being configured for the same domain is unreliable because it calls isc_symtab_define() with the key parameter pointing to a stack-allocated variable. Meanwhile, symtab docs say:

The symbol table library does not make a copy the key field, so the caller must ensure that any key it passes to isc_symtab_define() will not change until it calls isc_symtab_undefine() or isc_symtab_destroy().

This issue manifests itself e.g. by named-checkconf failing to raise a configuration error for at least some configurations which intentionally contain both static and initializing keys for the same domain (e.g. bin/tests/system/checkconf/bad-duplicate-key.conf). If the namebuf local variable in record_static_keys() has a close, but not identical address as the namebuf local variable in check_initializing_keys(), lookups for previously defined symtab entries will fail when they should succeed - but this is just one possible failure mode.

The solution here is to ensure what the docs ask the developer to ensure (e.g. use isc_mem_strdup() for the keys passed to isc_symtab_define() and then clean the copies up properly when isc_mem_destroy() is called).

The code checking for both static keys and initializing keys being configured for the same domain is unreliable because it [calls][1] `isc_symtab_define()` with the `key` parameter pointing to a stack-allocated variable.  Meanwhile, symtab docs [say][2]:

> The symbol table library does not make a copy the key field, so the
> caller must ensure that any key it passes to isc_symtab_define() will not
> change until it calls isc_symtab_undefine() or isc_symtab_destroy().

This issue manifests itself e.g. by `named-checkconf` [failing to raise a configuration error][3] for at least some configurations which intentionally contain both static and initializing keys for the same domain (e.g. `bin/tests/system/checkconf/bad-duplicate-key.conf`).  If the `namebuf` local variable in `record_static_keys()` has a close, but not identical address as the `namebuf` local variable in `check_initializing_keys()`, lookups for previously defined symtab entries will fail when they should succeed - but this is just one possible failure mode.

The solution here is to ensure what the docs ask the developer to ensure (e.g. use `isc_mem_strdup()` for the keys passed to `isc_symtab_define()` and then clean the copies up properly when `isc_mem_destroy()` is called).

[1]: https://gitlab.isc.org/isc-projects/bind9/blob/90ff5a551aa6ba4340ae45f6ff3a97b3141d8b5c/lib/bind9/check.c#L3288-3289

[2]: https://gitlab.isc.org/isc-projects/bind9/blob/90ff5a551aa6ba4340ae45f6ff3a97b3141d8b5c/lib/isc/include/isc/symtab.h#L45-47

[3]: https://jenkins.isc.org/job/bind9-test-release-tarball/label=fedora-32-latest/22/testReport/junit/bind/system/checkconf/

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.