mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 01:59:26 +00:00
Code Issues Releases Wiki Activity

Disallow TYPE0 to be queried or inserted into the database

Browse Source 
The RR type 0 is a reserved type for SIG[1] resource record.  It should
not be ever inserted into the database nor queried.  Add a special
handling to bail out quickly with DNS_R_DISALLOWED when inserting and
ISC_R_NOTFOUND when looking up TYPE0.  This is also prerequisite for
stricter checks in the follow-up commit.

1. https://www.rfc-editor.org/rfc/rfc2535#section-4.1.8.1
This commit is contained in:
Ondřej Surý 2025-08-07 08:08:24 +02:00
parent f7143dca3f
commit 76c027e949
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
4 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/dns/qpcache.c
View File

@ -2066,7 +2066,7 @@ qpcache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
dns_slabheader_t *header_prev = NULL, *header_next = NULL;
dns_slabheader_t *found = NULL, *foundsig = NULL;
dns_typepair_t typepair, sigpair, negpair;
isc_result_t result;
isc_result_t result = ISC_R_SUCCESS;
isc_rwlock_t *nlock = NULL;
isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
qpc_search_t search = (qpc_search_t){
@ -2078,7 +2078,9 @@ qpcache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
REQUIRE(version == NULL);
REQUIRE(type != dns_rdatatype_any);
result = ISC_R_SUCCESS;
if (type == dns_rdatatype_none && covers == dns_rdatatype_none) {
return ISC_R_NOTFOUND;
}
nlock = &qpdb->buckets[qpnode->locknum].lock;
NODE_RDLOCK(nlock, &nlocktype);

4
lib/dns/qpzone.c
View File

@ -1631,6 +1631,10 @@ qpzone_findrdataset(dns_db_t *db, dns_dbnode_t *dbnode,
REQUIRE(type != dns_rdatatype_any);
INSIST(version == NULL || version->qpdb == qpdb);
if (type == dns_rdatatype_none && covers == dns_rdatatype_none) {
return ISC_R_NOTFOUND;
}
if (version == NULL) {
currentversion(db, (dns_dbversion_t **)&version);
close_version = true;

6
lib/dns/rdataslab.c
View File

@ -341,6 +341,12 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
isc_region_t *region, uint32_t maxrrperset) {
isc_result_t result;
if (rdataset->type == dns_rdatatype_none &&
rdataset->covers == dns_rdatatype_none)
{
return DNS_R_DISALLOWED;
}
result = makeslab(rdataset, mctx, region, maxrrperset);
if (result == ISC_R_SUCCESS) {
dns_slabheader_t *new = (dns_slabheader_t *)region->base;

24
tests/dns/dbversion_test.c
View File

@ -277,15 +277,25 @@ ISC_RUN_TEST_IMPL(deleterdataset) {
ISC_RUN_TEST_IMPL(subtract) {
isc_result_t res;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatalist_t rdatalist;
dns_dbnode_t *node = NULL;
char *txt = (char *)"\006text 1";
size_t len = strlen(txt);
UNUSED(state);
rdata.rdclass = dns_rdataclass_in;
rdata.type = dns_rdatatype_txt;
rdata.length = len;
rdata.data = (unsigned char *)txt;
dns_rdataset_init(&rdataset);
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_rdataclass_in;
rdatalist.type = dns_rdatatype_txt;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
dns_rdatalist_tordataset(&rdatalist, &rdataset);
@ -316,15 +326,25 @@ ISC_RUN_TEST_IMPL(subtract) {
ISC_RUN_TEST_IMPL(addrdataset) {
isc_result_t res;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_dbnode_t *node = NULL;
dns_rdatalist_t rdatalist;
char *txt = (char *)"\006text 1";
size_t len = strlen(txt);
UNUSED(state);
rdata.rdclass = dns_rdataclass_in;
rdata.type = dns_rdatatype_txt;
rdata.length = len;
rdata.data = (unsigned char *)txt;
dns_rdataset_init(&rdataset);
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_rdataclass_in;
rdatalist.type = dns_rdatatype_txt;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
dns_rdatalist_tordataset(&rdatalist, &rdataset);