Merge branch '3911-reconfig-zone-view-revert-bugfix' into 'main'

Fix view's zones reverting bug during reconfiguration Closes #3911 See merge request isc-projects/bind9!7632
2025-08-31 14:35:26 +00:00 · 2023-03-01 15:35:27 +00:00
parent f6f525132b e1036253db
commit ad5b8fff05
5 changed files with 60 additions and 6 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
 6119.	[bug]		Make sure to revert the reconfigured zones to the
 			previous version of the view, when the new view
 			reconfiguration fails during the configuration of
 			one of the configured zones. [GL #3911]
 6118.	[func]		Add 'cds-digest-types' configuration option. Also allow
 			dnssec-signzone to create multple CDS records.
 			[GL #3837]
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4060,7 +4060,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	const cfg_obj_t *dyndb_list, *plugin_list;
 	const cfg_obj_t *disabled;
 	const cfg_obj_t *obj, *obj2;
-	const cfg_listelt_t *element;
+	const cfg_listelt_t *element = NULL;
 	const cfg_listelt_t *zone_element_latest = NULL;
 	in_port_t port;
 	dns_cache_t *cache = NULL;
 	isc_result_t result;
@@ -4077,7 +4078,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 	dns_dispatch_t *dispatch6 = NULL;
 	bool rpz_configured = false;
 	bool catz_configured = false;
 	bool zones_configured = false;
 	bool shared_cache = false;
 	int i = 0, j = 0, k = 0;
 	const char *str;
@@ -4187,8 +4187,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
 		const cfg_obj_t *zconfig = cfg_listelt_value(element);
 		CHECK(configure_zone(config, zconfig, vconfig, view, viewlist,
 				     kasplist, actx, false, old_rpz_ok, false));
 		zone_element_latest = element;
 	}
 	zones_configured = true;
 	/*
 	 * Check that a primary or secondary zone was found for each
@@ -6039,7 +6039,7 @@ cleanup:
 			dns_view_detach(&pview);
 		}
-		if (zones_configured) {
+		if (zone_element_latest != NULL) {
 			for (element = cfg_list_first(zonelist);
 			     element != NULL; element = cfg_list_next(element))
 			{
@@ -6047,6 +6047,13 @@ cleanup:
 					cfg_listelt_value(element);
 				configure_zone_setviewcommit(result, zconfig,
 							     view);
 				if (element == zone_element_latest) {
 					/*
 					 * This was the latest element that was
 					 * successfully configured earlier.
 					 */
 					break;
 				}
 			}
 		}
 	}
--- a/bin/tests/system/catz/ns2/named1.conf.in
+++ b/bin/tests/system/catz/ns2/named1.conf.in
@@ -78,7 +78,7 @@ view "default" {
 	};
 	# A faulty dlz configuration to check if named and catz survive a certain class
-	# of failed configuration attempts (see GL#3060).
+	# of failed configuration attempts (see GL #3060).
 	# We use "dlz" because the dlz processing code is located in an ideal place in
 	# the view configuration function for the test to cover the view reverting code.
 #T3	dlz "bad-dlz" {
@@ -126,6 +126,15 @@ view "default" {
 		primaries { 10.53.0.1; };
 	};
 	# When the following zone configuration is enabled, "dom3.example" should
 	# already exist as a member of "catalog1.example", and named should be able
 	# to deal with that situation (see GL #3911). Make sure that this duplicate
 	# zone comes after the the "catalog1.example" zone in the configuration file.
 #T4	zone "dom3.example" {
 #T4	    type secondary;
 #T4	    file "dom2.example.db";
 #T4	};
 	# No "version" property
 	zone "catalog-bad1.example" {
 		type secondary;
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@@ -656,6 +656,7 @@ status=$((status+ret))
 nextpart ns2/named.run >/dev/null
 # GL #3060
 n=$((n+1))
 echo_i "reconfiguring secondary - checking if catz survives a certain class of failed reconfiguration attempts ($n)"
 ret=0
@@ -682,6 +683,36 @@ status=$((status+ret))
 nextpart ns2/named.run >/dev/null
 # GL #3911
 n=$((n+1))
 echo_i "reconfiguring secondary - checking if catz survives another type of failed reconfiguration attempts ($n)"
 ret=0
 sed -e "s/^#T4//" < ns2/named1.conf.in > ns2/named.conf.tmp
 copy_setports ns2/named.conf.tmp ns2/named.conf
 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 # catalog zone update can be deferred
 sleep 2
 n=$((n+1))
 echo_i "checking again that dom3.example. is served by secondary ($n)"
 ret=0
 wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 n=$((n+1))
 echo_i "reconfiguring secondary - reverting the bad configuration ($n)"
 ret=0
 copy_setports ns2/named1.conf.in ns2/named.conf
 rndccmd 10.53.0.2 reconfig || ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 nextpart ns2/named.run >/dev/null
 n=$((n+1))
 echo_i "adding a domain dom-existing.example. to primary via RNDC ($n)"
 ret=0
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -75,7 +75,9 @@ Feature Changes
 Bug Fixes
 ~~~~~~~~~
- None.
+- :iscman:`named` could crash with an assertion failure when adding a new zone
  into the configuration file for a name, which is already configured as a
  member zone for a catalog zone. This has been fixed. :gl:`#3911`
 Known Issues
 ~~~~~~~~~~~~