mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

2607. [bug] named could incorrectly delete NSEC3 records for

Browse Source 
empty nodes when processing a update request.
                        [RT #19749]
This commit is contained in:
Mark Andrews
2009-06-04 01:43:41 +00:00
parent aae46ae27b
commit f05a6b110f
2 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,3 +1,7 @@
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in 2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717] delegation-only type zones. [RT #19717]

44
lib/dns/nsec3.c
View File

@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: nsec3.c,v 1.6 2008/11/17 23:46:42 marka Exp $ */ /* $Id: nsec3.c,v 1.7 2009/06/04 01:43:41 marka Exp $ */
#include <config.h> #include <config.h>
@@ -943,6 +943,42 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
return (result); return (result);
} }
/*%
* Determine whether any NSEC3 records that were associated with
* 'name' should be deleted or if they should continue to exist.
* ISC_TRUE indicates they should be deleted.
* ISC_FALSE indicates they should be retained.
*/
static isc_result_t
deleteit(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
isc_boolean_t *yesno)
{
isc_result_t result;
dns_fixedname_t foundname;
dns_fixedname_init(&foundname);
result = dns_db_find(db, name, ver, dns_rdatatype_any,
DNS_DBFIND_GLUEOK | DNS_DBFIND_NOWILD,
(isc_stdtime_t) 0, NULL,
dns_fixedname_name(&foundname),
NULL, NULL);
if (result == DNS_R_EMPTYNAME || result == ISC_R_SUCCESS ||
result == DNS_R_ZONECUT) {
*yesno = ISC_FALSE;
return (ISC_R_SUCCESS);
}
if (result == DNS_R_GLUE || result == DNS_R_DNAME ||
result == DNS_R_DELEGATION || result == DNS_R_NXDOMAIN) {
*yesno = ISC_TRUE;
return (ISC_R_SUCCESS);
}
/*
* Silence compiler.
*/
*yesno = ISC_TRUE;
return (result);
}
isc_result_t isc_result_t
dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff) const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff)
@@ -961,7 +997,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_t rdataset; dns_rdataset_t rdataset;
int pass; int pass;
isc_boolean_t exists; isc_boolean_t yesno;
isc_buffer_t buffer; isc_buffer_t buffer;
isc_result_t result; isc_result_t result;
unsigned char *salt; unsigned char *salt;
@@ -1096,8 +1132,8 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
if (labels <= dns_name_countlabels(origin)) if (labels <= dns_name_countlabels(origin))
break; break;
dns_name_getlabelsequence(&empty, 1, labels, &empty); dns_name_getlabelsequence(&empty, 1, labels, &empty);
CHECK(name_exists(db, version, &empty, &exists)); CHECK(deleteit(db, version, &empty, &yesno));
if (exists) if (!yesno)
break; break;
CHECK(dns_nsec3_hashname(&fixed, nexthash, &next_length, CHECK(dns_nsec3_hashname(&fixed, nexthash, &next_length,