diff --git a/CHANGES b/CHANGES index 9f4c3f5ed8..589528fe19 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4863. [bug] Fix various other bugs reported by Valgrind's + memcheck tool. [RT #46978] + 4862. [bug] The rdata flags for RRSIG were not being properly set when constructing a rdataslab. [RT #46978] diff --git a/lib/dns/include/dns/nta.h b/lib/dns/include/dns/nta.h index 86a723008c..991a57fff1 100644 --- a/lib/dns/include/dns/nta.h +++ b/lib/dns/include/dns/nta.h @@ -41,7 +41,6 @@ struct dns_ntatable { unsigned int magic; dns_view_t *view; isc_rwlock_t rwlock; - isc_uint32_t recheck; isc_taskmgr_t *taskmgr; isc_timermgr_t *timermgr; isc_task_t *task; diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 7412ad7d11..fa1f82cdb5 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -1264,6 +1264,9 @@ dns_zone_getjournalsize(dns_zone_t *zone); isc_result_t dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_message_t *msg); +isc_result_t +dns_zone_notifyreceive2(dns_zone_t *zone, isc_sockaddr_t *from, + isc_sockaddr_t *to, dns_message_t *msg); /*%< * Tell the zone that it has received a NOTIFY message from another * server. This may cause some zone maintenance activity to occur. diff --git a/lib/dns/nta.c b/lib/dns/nta.c index 6823a525d2..46189c8b27 100644 --- a/lib/dns/nta.c +++ b/lib/dns/nta.c @@ -238,7 +238,7 @@ fetch_done(isc_task_t *task, isc_event_t *event) { * If we're expiring before the next recheck, we might * as well stop the timer now. */ - if (nta->timer != NULL && nta->expiry - now < ntatable->recheck) + if (nta->timer != NULL && nta->expiry - now < view->nta_recheck) (void) isc_timer_reset(nta->timer, isc_timertype_inactive, NULL, NULL, ISC_TRUE); nta_detach(view->mctx, &nta); diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c index da89892e08..cfeaf2e2e6 100644 --- a/lib/dns/rdataslab.c +++ b/lib/dns/rdataslab.c @@ -288,7 +288,9 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, region->base = rawbuf; region->length = buflen; + memset(rawbuf, 0, buflen); rawbuf += reservelen; + #if DNS_RDATASET_FIXED offsetbase = rawbuf; #endif diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index ecff2dda32..f0dcd483f0 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1888,6 +1888,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, query->sends = 0; query->connects = 0; query->dscp = addrinfo->dscp; + query->udpsize = 0; /* * Note that the caller MUST guarantee that 'addrinfo' will remain * valid until this query is canceled. diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in index 8f71c0a3e2..f25e73c199 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in @@ -1271,6 +1271,7 @@ dns_zone_nameonly dns_zone_next dns_zone_notify dns_zone_notifyreceive +dns_zone_notifyreceive2 dns_zone_nscheck dns_zone_refresh dns_zone_rekey diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 758c4ccc72..4469ad35ab 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1063,6 +1063,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { zone->rss_event = NULL; zone->rss_state = NULL; zone->updatemethod = dns_updatemethod_increment; + zone->maxrecords = 0U; zone->magic = ZONE_MAGIC; @@ -13162,6 +13163,13 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, isc_result_t dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_message_t *msg) +{ + return (dns_zone_notifyreceive2(zone, from, NULL, msg)); +} + +isc_result_t +dns_zone_notifyreceive2(dns_zone_t *zone, isc_sockaddr_t *from, + isc_sockaddr_t *to, dns_message_t *msg) { unsigned int i; dns_rdata_soa_t soa; @@ -13171,7 +13179,6 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, char fromtext[ISC_SOCKADDR_FORMATSIZE]; int match = 0; isc_netaddr_t netaddr; - isc_sockaddr_t local, remote; isc_uint32_t serial = 0; isc_boolean_t have_serial = ISC_FALSE; dns_tsigkey_t *tsigkey; @@ -13207,7 +13214,7 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, LOCK_ZONE(zone); INSIST(zone != zone->raw); if (inline_secure(zone)) { - result = dns_zone_notifyreceive(zone->raw, from, msg); + result = dns_zone_notifyreceive2(zone->raw, from, to, msg); UNLOCK_ZONE(zone); return (result); } @@ -13351,10 +13358,11 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_zone_log(zone, ISC_LOG_INFO, "notify from %s: no serial", fromtext); zone->notifyfrom = *from; - remote = zone->masteraddr; - local = zone->sourceaddr; UNLOCK_ZONE(zone); - dns_zonemgr_unreachabledel(zone->zmgr, &remote, &local); + + if (to != NULL) { + dns_zonemgr_unreachabledel(zone->zmgr, from, to); + } dns_zone_refresh(zone); return (ISC_R_SUCCESS); } @@ -19016,6 +19024,7 @@ dns_zone_setnsec3param(dns_zone_t *zone, isc_uint8_t hash, isc_uint8_t flags, dns_nsec3param_toprivate(&nrdata, &prdata, zone->privatetype, np->data, sizeof(np->data)); np->length = prdata.length; + np->nsec = ISC_FALSE; } zone_iattach(zone, &dummy); diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 98eb2caac8..51478e0b75 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -1448,6 +1448,9 @@ build_msghdr_send(isc__socket_t *sock, isc_socketevent_t *dev, #endif memset(msg, 0, sizeof(*msg)); + if (sock->sendcmsgbuflen != 0U) { + memset(sock->sendcmsgbuf, 0, sock->sendcmsgbuflen); + } if (!sock->connected) { msg->msg_name = (void *)&dev->address.type.sa; diff --git a/lib/ns/client.c b/lib/ns/client.c index af5183c6f7..a3c9f2ff0f 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -2626,6 +2626,8 @@ ns__client_request(isc_task_t *task, isc_event_t *event) { } } + isc_sockaddr_fromnetaddr(&client->destsockaddr, &client->destaddr, 0); + if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) { ecs = &client->ecs; } @@ -3715,6 +3717,11 @@ ns_client_getsockaddr(ns_client_t *client) { return (&client->peeraddr); } +isc_sockaddr_t * +ns_client_getdestaddr(ns_client_t *client) { + return (&client->destsockaddr); +} + isc_result_t ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr, dns_acl_t *acl, isc_boolean_t default_allow) diff --git a/lib/ns/include/ns/client.h b/lib/ns/include/ns/client.h index 9034910b1e..83095e02da 100644 --- a/lib/ns/include/ns/client.h +++ b/lib/ns/include/ns/client.h @@ -135,6 +135,7 @@ struct ns_client { isc_sockaddr_t peeraddr; isc_boolean_t peeraddr_valid; isc_netaddr_t destaddr; + isc_sockaddr_t destsockaddr; dns_ecs_t ecs; /*%< EDNS client subnet sent by client */ @@ -303,6 +304,13 @@ ns_client_getsockaddr(ns_client_t *client); * currently being processed. */ +isc_sockaddr_t * +ns_client_getdestaddr(ns_client_t *client); +/*%< + * Get the destination address (server) for the request that is + * currently being processed. + */ + isc_result_t ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr, dns_acl_t *acl, isc_boolean_t default_allow); diff --git a/lib/ns/notify.c b/lib/ns/notify.c index 29084124c9..f9be05f59e 100644 --- a/lib/ns/notify.c +++ b/lib/ns/notify.c @@ -80,7 +80,8 @@ ns_notify_start(ns_client_t *client) { if (result != ISC_R_SUCCESS) { notify_log(client, ISC_LOG_NOTICE, "notify question section empty"); - goto formerr; + result = DNS_R_FORMERR; + goto done; } /* @@ -92,7 +93,8 @@ ns_notify_start(ns_client_t *client) { if (ISC_LIST_NEXT(zone_rdataset, link) != NULL) { notify_log(client, ISC_LOG_NOTICE, "notify question section contains multiple RRs"); - goto formerr; + result = DNS_R_FORMERR; + goto done; } /* The zone section must have exactly one name. */ @@ -100,14 +102,16 @@ ns_notify_start(ns_client_t *client) { if (result != ISC_R_NOMORE) { notify_log(client, ISC_LOG_NOTICE, "notify question section contains multiple RRs"); - goto formerr; + result = DNS_R_FORMERR; + goto done; } /* The one rdataset must be an SOA. */ if (zone_rdataset->type != dns_rdatatype_soa) { notify_log(client, ISC_LOG_NOTICE, "notify question section contains no SOA"); - goto formerr; + result = DNS_R_FORMERR; + goto done; } tsigkey = dns_message_gettsigkey(request); @@ -126,38 +130,33 @@ ns_notify_start(ns_client_t *client) { } } else tsigbuf[0] = '\0'; + dns_name_format(zonename, namebuf, sizeof(namebuf)); - result = dns_zt_find(client->view->zonetable, zonename, 0, NULL, - &zone); - if (result != ISC_R_SUCCESS) - goto notauth; + result = dns_zt_find(client->view->zonetable, zonename, 0, NULL, &zone); + if (result == ISC_R_SUCCESS) { + dns_zonetype_t zonetype = dns_zone_gettype(zone); - switch (dns_zone_gettype(zone)) { - case dns_zone_master: - case dns_zone_slave: - case dns_zone_stub: /* Allow dialup passive to work. */ - notify_log(client, ISC_LOG_INFO, - "received notify for zone '%s'%s", namebuf, tsigbuf); - respond(client, dns_zone_notifyreceive(zone, - ns_client_getsockaddr(client), request)); - break; - default: - goto notauth; + if ((zonetype == dns_zone_master) || + (zonetype == dns_zone_slave) || + (zonetype == dns_zone_stub)) + { + isc_sockaddr_t *from = ns_client_getsockaddr(client); + isc_sockaddr_t *to = ns_client_getdestaddr(client); + notify_log(client, ISC_LOG_INFO, + "received notify for zone '%s'%s", + namebuf, tsigbuf); + result = dns_zone_notifyreceive2(zone, from, to, + request); + goto done; + } } - dns_zone_detach(&zone); - return; - notauth: notify_log(client, ISC_LOG_NOTICE, "received notify for zone '%s'%s: not authoritative", namebuf, tsigbuf); result = DNS_R_NOTAUTH; - goto failure; - formerr: - result = DNS_R_FORMERR; - - failure: + done: if (zone != NULL) dns_zone_detach(&zone); respond(client, result); diff --git a/lib/ns/win32/libns.def b/lib/ns/win32/libns.def index 6fc52382e0..196acd47ac 100644 --- a/lib/ns/win32/libns.def +++ b/lib/ns/win32/libns.def @@ -18,6 +18,7 @@ ns_client_detach ns_client_dumprecursing ns_client_error ns_client_getsockaddr +ns_client_getdestaddr ns_client_killoldestquery ns_client_log ns_client_logv