[master] avoid double-free in rrl

- RRL could assert when freeing qname - also, changed test addresses from 192.168/16 to 192.0/16
2025-08-30 22:15:20 +00:00 · 2013-02-26 19:15:11 -08:00
parent d654c95c96
commit 68357e5241
4 changed files with 15 additions and 14 deletions
--- a/bin/tests/system/rrl/ns2/tld2.db
+++ b/bin/tests/system/rrl/ns2/tld2.db
@@ -22,21 +22,21 @@ $TTL	120
 		NS	.
 ns		A	10.53.0.2

-a1		A	192.168.2.1
+a1		A	192.0.2.1

-*.a2		A	192.168.2.2
+*.a2		A	192.0.2.2

 ; a3 is in tld3

 ; a4 does not exist to give NXDOMAIN

 ; a5 for TCP requests
-a5		A	192.168.2.5
+a5		A	192.0.2.5

 ; a6 for whitelisted clients
-a6		A	192.168.2.6
+a6		A	192.0.2.6

 ; a7 for SERVFAIL

 ; a8 for all-per-second limit
-$GENERATE 101-180 all$.a8 A 192.168.2.8
+$GENERATE 101-180 all$.a8 A 192.0.2.8
--- a/bin/tests/system/rrl/ns3/tld3.db
+++ b/bin/tests/system/rrl/ns3/tld3.db
@@ -22,4 +22,4 @@ $TTL	120
 		NS	.
 ns		A	10.53.0.3

-*.a3		A	192.168.3.3
+*.a3		A	192.0.3.3
--- a/bin/tests/system/rrl/tests.sh
+++ b/bin/tests/system/rrl/tests.sh
@@ -156,11 +156,11 @@ burst 30 'x$CNT.a2.tld2'
 #					IP      TC      drop  NXDOMAIN SERVFAIL
 # check for 24 results
 # including the 1 second delay
-ck_result   a1.tld2	192.168.2.1	3	7	14	0	0
+ck_result   a1.tld2	192.0.2.1	3	7	14	0	0

 # Check the wild card answers.
 # The parent name of the 30 requests is counted.
-ck_result 'x*.a2.tld2'	192.168.2.2	2	10	18	0	0
+ck_result 'x*.a2.tld2'	192.0.2.2	2	10	18	0	0


 #########
@@ -173,7 +173,7 @@ burst 20 'z$CNT.a4.tld2'
 #   The first answer is counted separately because it is counted against
 #   the rate limit on recursing to the server for a3.tld3.  The remaining 20
 #   are counted as local responses from the cache.
-ck_result 'y*.a3.tld3'	192.168.3.3	3	6	12	0	0
+ck_result 'y*.a3.tld3'	192.0.3.3	3	6	12	0	0

 # NXDOMAIN responses are also limited based on the parent name.
 ck_result 'z*.a4.tld2'	x		0	6	12	2	0
@@ -187,14 +187,14 @@ burst 20 a6.tld2 -b $ns7
 burst 20 a7.tld4

 # TCP responses are not rate limited
-ck_result a5.tld2	192.168.2.5	20	0	0	0	0
+ck_result a5.tld2	192.0.2.5	20	0	0	0	0

 # whitelisted client is not rate limited
-ck_result a6.tld2	192.168.2.6	20	0	0	0	0
+ck_result a6.tld2	192.0.2.6	20	0	0	0	0

 # Errors such as SERVFAIL are rate limited.  The numbers are confusing, because
 #   other rate limiting can be triggered before the SERVFAIL limit is reached.
-ck_result a7.tld4	192.168.2.1	0	6	12	0	2
+ck_result a7.tld4	192.0.2.1	0	6	12	0	2


 #########
@@ -204,7 +204,7 @@ sec_start
 #   The qnames are all unique but the client IP address is constant.
 CNT=101
 burst 80 'all$CNT.a8.tld2'
-ck_result 'a*.a8.tld2'	192.168.2.8	70	0	10	0	0
+ck_result 'a*.a8.tld2'	192.0.2.8	70	0	10	0	0


 $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
--- a/lib/dns/rrl.c
+++ b/lib/dns/rrl.c
@@ -786,7 +786,8 @@ free_qname(dns_rrl_t *rrl, dns_rrl_entry_t *e) {
 	qbuf = get_qname(rrl, e);
 	if (qbuf != NULL) {
 		qbuf->e = NULL;
-		ISC_LIST_APPEND(rrl->qname_free, qbuf, link);
+		if (!ISC_LINK_LINKED(qbuf, link))
+			ISC_LIST_APPEND(rrl->qname_free, qbuf, link);
 	}
 }