mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

2938. [bug] When skipping NSEC3 records that don't match the

Browse Source 
current NSEC3PARAM record in use for zone named
                        could dereference a uninitialised pointer attempting
                        to obtain a lock. [RT# 21868]
This commit is contained in:
Mark Andrews
2010-08-13 06:46:25 +00:00
parent ef0d20244d
commit c73d8c1b72
8 changed files with 105 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -1,3 +1,9 @@
2938. [bug] When generating signed responses, from a signed zone
that uses NSEC3, named would use a uninitialised
pointer if it needed to skip a NSEC3 record because
it didn't match the selected NSEC3PARAM record for
zone. [RT# 21868]
2937. [bug] Worked around an apparent race condition in over 2937. [bug] Worked around an apparent race condition in over
memory conditions. Without this fix a DNS cache DB or memory conditions. Without this fix a DNS cache DB or
ADB could incorrectly stay in an over memory state, ADB could incorrectly stay in an over memory state,

3
bin/tests/system/dnssec/clean.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.28 2010/06/25 03:24:05 marka Exp $ # $Id: clean.sh,v 1.29 2010/08/13 06:46:24 marka Exp $
rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
rm -f ns1/root.db ns2/example.db ns3/secure.example.db rm -f ns1/root.db ns2/example.db ns3/secure.example.db
@@ -23,6 +23,7 @@ rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db
rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl
rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db
rm -f ns2/private.secure.example.db rm -f ns2/private.secure.example.db
rm -f ns2/badparam.db ns2/badparam.db.bad
rm -f */example.bk rm -f */example.bk
rm -f dig.out.* rm -f dig.out.*
rm -f random.data rm -f random.data

6
bin/tests/system/dnssec/dnssec_update_test.pl
View File

@@ -32,7 +32,7 @@
# #
# perl -MCPAN -e "install Net::DNS" # perl -MCPAN -e "install Net::DNS"
# #
# $Id: dnssec_update_test.pl,v 1.5 2007/06/19 23:47:02 tbox Exp $ # $Id: dnssec_update_test.pl,v 1.6 2010/08/13 06:46:24 marka Exp $
# #
use Getopt::Std; use Getopt::Std;
@@ -97,9 +97,9 @@ section("Delete the name");
test("NOERROR", ["update", rr_del("a.$zone")]); test("NOERROR", ["update", rr_del("a.$zone")]);
if ($failures) { if ($failures) {
print "I:$failures tests failed.\n"; print "I:$failures update tests failed.\n";
} else { } else {
print "I:All tests successful.\n"; print "I:All update tests successful.\n";
} }
exit $failures; exit $failures;

26
bin/tests/system/dnssec/ns2/badparam.db.in Normal file
View File

@@ -0,0 +1,26 @@
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: badparam.db.in,v 1.2 2010/08/13 06:46:24 marka Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2010081000 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2

8
bin/tests/system/dnssec/ns2/named.conf
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: named.conf,v 1.30 2008/09/25 04:02:38 tbox Exp $ */ /* $Id: named.conf,v 1.31 2010/08/13 06:46:24 marka Exp $ */
// NS2 // NS2
@@ -80,4 +80,10 @@ zone "child.optout.example" {
allow-update { none; }; allow-update { none; };
}; };
zone "badparam" {
type master;
file "badparam.db.bad";
};
include "trusted.conf"; include "trusted.conf";

18
bin/tests/system/dnssec/ns2/sign.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.38 2010/01/18 23:48:40 tbox Exp $ # $Id: sign.sh,v 1.39 2010/08/13 06:46:25 marka Exp $
SYSTEMTESTTOP=../.. SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -114,3 +114,19 @@ dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile
$SIGNER -P -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null $SIGNER -P -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null
# Sign the badparam secure file
zone=badparam.
infile=badparam.db.in
zonefile=badparam.db
keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -3 - -H 1 -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' $zonefile.signed > $zonefile.bad

13
bin/tests/system/dnssec/tests.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.68 2010/08/09 22:34:56 each Exp $ # $Id: tests.sh,v 1.69 2010/08/13 06:46:24 marka Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -995,6 +995,17 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
#
# RT21868 regression test.
#
echo "I:checking NSEC3 zone with mismatched NSEC3PARAM / NSEC parameters ($n)"
ret=0
$DIG $DIGOPTS non-exist.badparam. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# Run a minimal update test if possible. This is really just # Run a minimal update test if possible. This is really just
# a regression test for RT #2399; more tests should be added. # a regression test for RT #2399; more tests should be added.

55
lib/dns/rbtdb.c
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: rbtdb.c,v 1.302 2010/08/11 22:54:58 jinmei Exp $ */ /* $Id: rbtdb.c,v 1.303 2010/08/13 06:46:24 marka Exp $ */
/*! \file */ /*! \file */
@@ -3275,6 +3275,9 @@ matchparams(rdatasetheader_t *header, rbtdb_search_t *search)
return (ISC_FALSE); return (ISC_FALSE);
} }
/*
* Find node of the NSEC/NSEC3 record that is 'name'.
*/
static inline isc_result_t static inline isc_result_t
previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search, previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
dns_name_t *name, dns_name_t *origin, dns_name_t *name, dns_name_t *origin,
@@ -3286,15 +3289,15 @@ previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
dns_rbtnode_t *nsecnode; dns_rbtnode_t *nsecnode;
isc_result_t result; isc_result_t result;
REQUIRE(nodep != NULL && *nodep == NULL);
if (type == dns_rdatatype_nsec3) { if (type == dns_rdatatype_nsec3) {
result = dns_rbtnodechain_prev(&search->chain, NULL, NULL); result = dns_rbtnodechain_prev(&search->chain, NULL, NULL);
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN)
return (result); return (result);
result = dns_rbtnodechain_current(&search->chain, name, origin, result = dns_rbtnodechain_current(&search->chain, name, origin,
nodep); nodep);
if (result != ISC_R_SUCCESS) return (result);
return (result);
return (ISC_R_SUCCESS);
} }
dns_fixedname_init(&ftarget); dns_fixedname_init(&ftarget);
@@ -3327,11 +3330,11 @@ previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
* Try the previous node in the NSEC tree. * Try the previous node in the NSEC tree.
*/ */
result = dns_rbtnodechain_prev(nsecchain, result = dns_rbtnodechain_prev(nsecchain,
name, origin); name, origin);
if (result == DNS_R_NEWORIGIN) if (result == DNS_R_NEWORIGIN)
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
} else if (result == ISC_R_NOTFOUND } else if (result == ISC_R_NOTFOUND ||
|| result == DNS_R_PARTIALMATCH) { result == DNS_R_PARTIALMATCH) {
result = dns_rbtnodechain_current(nsecchain, result = dns_rbtnodechain_current(nsecchain,
name, origin, NULL); name, origin, NULL);
if (result == ISC_R_NOTFOUND) if (result == ISC_R_NOTFOUND)
@@ -3348,8 +3351,6 @@ previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
result = dns_rbtnodechain_prev(nsecchain, name, origin); result = dns_rbtnodechain_prev(nsecchain, name, origin);
if (result == DNS_R_NEWORIGIN) if (result == DNS_R_NEWORIGIN)
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
if (result != ISC_R_SUCCESS)
return (result);
} }
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);
@@ -3373,10 +3374,7 @@ previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
* same name as the node in the auxiliary NSEC tree, except for * same name as the node in the auxiliary NSEC tree, except for
* nodes in the auxiliary tree that are awaiting deletion. * nodes in the auxiliary tree that are awaiting deletion.
*/ */
if (result == DNS_R_PARTIALMATCH) if (result != DNS_R_PARTIALMATCH && result != ISC_R_NOTFOUND) {
result = ISC_R_NOTFOUND;
if (result != ISC_R_NOTFOUND) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_CACHE, ISC_LOG_ERROR, DNS_LOGMODULE_CACHE, ISC_LOG_ERROR,
"previous_closest_nsec(): %s", "previous_closest_nsec(): %s",
@@ -3386,6 +3384,11 @@ previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
} }
} }
/*
* Find the NSEC/NSEC3 which is or before the current point on the
* search chain. For NSEC3 records only NSEC3 records that match the
* current NSEC3PARAM record are considered.
*/
static inline isc_result_t static inline isc_result_t
find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep, find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
dns_name_t *foundname, dns_rdataset_t *rdataset, dns_name_t *foundname, dns_rdataset_t *rdataset,
@@ -3419,15 +3422,16 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
* Use the auxiliary tree only starting with the second node in the * Use the auxiliary tree only starting with the second node in the
* hope that the original node will be right much of the time. * hope that the original node will be right much of the time.
*/ */
dns_fixedname_init(&fname); dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname); name = dns_fixedname_name(&fname);
dns_fixedname_init(&forigin); dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin); origin = dns_fixedname_name(&forigin);
again: again:
node = NULL; node = NULL;
prevnode = NULL;
result = dns_rbtnodechain_current(&search->chain, name, origin, &node); result = dns_rbtnodechain_current(&search->chain, name, origin, &node);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);
do { do {
NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock), NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
isc_rwlocktype_read); isc_rwlocktype_read);
@@ -3478,8 +3482,10 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
empty_node = ISC_TRUE; empty_node = ISC_TRUE;
found = NULL; found = NULL;
foundsig = NULL; foundsig = NULL;
result = dns_rbtnodechain_prev(&search->chain, result = previous_closest_nsec(type, search,
NULL, NULL); name, origin,
&prevnode, NULL,
NULL);
} else if (found != NULL && } else if (found != NULL &&
(foundsig != NULL || !need_sig)) { (foundsig != NULL || !need_sig)) {
/* /*
@@ -3519,8 +3525,10 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
*/ */
empty_node = ISC_TRUE; empty_node = ISC_TRUE;
result = previous_closest_nsec(type, search, result = previous_closest_nsec(type, search,
name, origin, &prevnode, name, origin,
&nsecchain, &first); &prevnode,
&nsecchain,
&first);
} else { } else {
/* /*
* We found an active node, but either the * We found an active node, but either the
@@ -3541,6 +3549,7 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock), NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
isc_rwlocktype_read); isc_rwlocktype_read);
node = prevnode; node = prevnode;
prevnode = NULL;
} while (empty_node && result == ISC_R_SUCCESS); } while (empty_node && result == ISC_R_SUCCESS);
if (!first) if (!first)