mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Commit Graph

32784 Commits

Author SHA1 Message Date
Mark Andrews
1be2a83c67 Merge branch 'marka-fixup-dnssec' into 'main'
dnssec system test needs python and perl

See merge request isc-projects/bind9!4342
2020-11-03 00:48:58 +00:00
Mark Andrews
40ae128922 dnssec system test needs python and perl 2020-11-03 11:22:36 +11:00
Ondřej Surý
3ec9b5f1d9 Merge branch '2227-tcp-connection-closed-second-fix' into 'main'
Fix improper closed connection handling in tcpdns.

Closes #2227

See merge request isc-projects/bind9!4341
2020-11-02 22:52:01 +00:00
Ondřej Surý
c14c1fdd2c Put up additional safeguards to not use inactive/closed tcpdns socket
When we are operating on the tcpdns socket, we need to double check
whether the socket or its outerhandle or its listener or its mgr is
still active and when not, bail out early.
2020-11-02 20:58:00 +01:00
Ondřej Surý
cea4b4db8f Add CHANGES note for [GL #2227] 2020-11-02 15:10:28 +01:00
Witold Kręcicki
3ab3d90de0 Fix improper closed connection handling in tcpdns.
If dnslisten_readcb gets a read callback it needs to verify that the
outer socket wasn't closed in the meantime, and issue a CANCELED callback
if it was.
2020-11-02 15:10:28 +01:00
Michał Kępień
f8730ae1a2 Merge branch '2237-placeholder' into 'main'
Add placeholder for #2237

See merge request isc-projects/bind9!4343
2020-11-02 11:25:30 +00:00
Michał Kępień
2a33e5bf60 Add placeholder for #2237 2020-11-02 12:24:11 +01:00
Ondřej Surý
c933fa8d47 Merge branch '2235-add-netmgr-functions-to-support-outgoing-dns-queries' into 'main'
Resolve "Add netmgr functions to support outgoing DNS queries"

Closes #2235

See merge request isc-projects/bind9!4318
2020-10-30 13:40:18 +00:00
Evan Hunt
3a2dc05c92 CHANGES 2020-10-30 11:11:54 +01:00
Evan Hunt
8fcad58ea6 check return value from uv_tcp_getpeername() when connecting
if we can't determine the peer, the connect should fail.
2020-10-30 11:11:54 +01:00
Ondřej Surý
14f54d13dc add a netmgr unit test
tests of UDP and TCP cases including:
- sending and receiving
- closure of sockets without reading or sending
- closure of sockets at various points while sending and receiving
- since the test is multithreaded, cmocka now aborts tests on the
  first failure, so that failures in subthreads are caught and
  reported correctly.
2020-10-30 11:11:54 +01:00
Evan Hunt
26a3a22895 set REUSEPORT and REUSEADDR on TCP sockets if needed
When binding a TCP socket, if bind() fails with EADDRINUSE,
try again with REUSEPORT/REUSEADDR (or the equivalent options).
2020-10-30 11:11:54 +01:00
Ondřej Surý
ed3ab63f74 Fix more races between connect and shutdown
There were more races that could happen while connecting to a
socket while closing or shutting down the same socket.  This
commit introduces a .closing flag to guard the socket from
being closed twice.
2020-10-30 11:11:54 +01:00
Ondřej Surý
6cfadf9db0 Fix a race between isc__nm_async_shutdown() and new sends/reads
There was a data race where a new event could be scheduled after
isc__nm_async_shutdown() had cleaned up all the dangling UDP/TCP
sockets from the loop.
2020-10-30 11:11:54 +01:00
Ondřej Surý
5fcd52209a Refactor udp_recv_cb()
- more logical code flow.
- propagate errors back to the caller.
- add a 'reading' flag and call the callback from failed_read_cb()
  only when the socket was actively reading.
2020-10-30 11:11:54 +01:00
Ondřej Surý
cdccac4993 Fix netmgr read/connect timeout issues
- don't bother closing sockets that are already closing.
- UDP read timeout timer was not stopped after reading.
- improve handling of TCP connection failures.
2020-10-30 11:11:54 +01:00
Ondřej Surý
7a6056bc8f Add isc__nm_udp_shutdown() function
This function will be called during isc_nm_closedown() to ensure
that all UDP sockets are closed and detached.
2020-10-30 11:11:54 +01:00
Evan Hunt
5dcdc00b93 add netmgr functions to support outgoing DNS queries
- isc_nm_tcpdnsconnect() sets up an outgoing TCP DNS connection.
- isc_nm_tcpconnect(), _udpconnect() and _tcpdnsconnect() now take a
  timeout argument to ensure connections time out and are correctly
  cleaned up on failure.
- isc_nm_read() now supports UDP; it reads a single datagram and then
  stops until the next time it's called.
- isc_nm_cancelread() now runs asynchronously to prevent assertion
  failure if reading is interrupted by a non-network thread (e.g.
  a timeout).
- isc_nm_cancelread() can now apply to UDP sockets.
- added shim code to support UDP connection in versions of libuv
  prior to 1.27, when uv_udp_connect() was added

all these functions will be used to support outgoing queries in dig,
xfrin, dispatch, etc.
2020-10-30 11:11:54 +01:00
Michał Kępień
2111ea05cd Merge branch 'mnowak/OpenBSD_6.8' into 'main'
Add OpenBSD 6.8

See merge request isc-projects/bind9!4298
2020-10-30 09:39:33 +00:00
Michal Nowak
773649f413 Update to OpenBSD 6.8 2020-10-30 10:11:06 +01:00
Michal Nowak
fa1f00affe Merge branch 'mnowak/add-freebsd12.2' into 'main'
Update to FreeBSD 12.2

See merge request isc-projects/bind9!4323
2020-10-29 15:01:23 +00:00
Michal Nowak
11ab0528d9 Update to FreeBSD 12.2 2020-10-29 16:00:22 +01:00
Michal Nowak
9190b1ed18 Merge branch 'mnowak/add-fedora-33' into 'main'
Add Fedora 33

See merge request isc-projects/bind9!4326
2020-10-29 14:45:04 +00:00
Michal Nowak
b1e17e475a Add Fedora 33 2020-10-29 15:37:45 +01:00
Mark Andrews
e9b6747888 Merge branch '2236-resolver-sometimes-treats-signed-insecure-zone-with-broken-dnskey-as-bogus' into 'main'
Resolve "Resolver sometimes treats signed, insecure zone with broken DNSKEY as bogus"

Closes #2236

See merge request isc-projects/bind9!4319
2020-10-29 13:46:53 +00:00
Mark Andrews
decf117eb6 Add CHANGES note for [GL #2236] 2020-10-30 00:18:03 +11:00
Mark Andrews
d7840f4b93 Check that a zone in the process of being signed resolves
ans10 simulates a local anycast server which has both signed and
unsigned instances of a zone.  'A' queries get answered from the
signed instance.  Everything else gets answered from the unsigned
instance.  The resulting answer should be insecure.
2020-10-30 00:17:24 +11:00
Mark Andrews
718e597def Handle DNS_R_NCACHENXRRSET in fetch_callback_{dnskey,validator}()
DNS_R_NCACHENXRRSET can be returned when zones are in transition state
from being unsigned to signed and signed to unsigned.  The validation
should be resumed and should result in an insecure answer.
2020-10-30 00:17:24 +11:00
Ondřej Surý
d9f3220424 Merge branch '2227-tcp-connection-closed-fix' into 'main'
Properly handle outer TCP connection closed in TCPDNS.

Closes #2227

See merge request isc-projects/bind9!4309
2020-10-29 12:21:05 +00:00
Witold Kręcicki
cd3117b747 Add CHANGES and release note for GL #2227 2020-10-29 12:34:00 +01:00
Witold Kręcicki
c41ce8e0c9 Properly handle outer TCP connection closed in TCPDNS.
If the connection is closed while we're processing the request
we might access TCPDNS outerhandle which is already reset. Check
for this condition and call the callback with ISC_R_CANCELED result.
2020-10-29 12:32:25 +01:00
Evan Hunt
0241d9ddc8 Merge branch 'each-rpz-test-typo' into 'main'
fix a typo in rpz test

See merge request isc-projects/bind9!4320
2020-10-29 05:33:40 +00:00
Evan Hunt
78af071c11 fix a typo in rpz test
"tcp-only" was not being tested correctly in the RPZ system test
because the option to the "digcmd" function that causes queries to
be sent via TCP was misspelled in one case, and was being interpreted
as a query name.

the "ckresult" function has also been changed to be case sensitive
for consistency with "digcmd".
2020-10-28 21:39:35 -07:00
Ondřej Surý
d0a988dcab Merge branch 'ondrej/use-libuv-instead-libltdl' into 'main'
Replace ltdl with libuv shared library handling interface

See merge request isc-projects/bind9!4278
2020-10-28 16:28:49 +00:00
Ondřej Surý
b349fd7402 Add CHANGES note for !4278 2020-10-28 15:48:58 +01:00
Ondřej Surý
38f34c266d Fix possible NULL dereference in cd->dlz_destroy()
If the call to cd->dlz_create() in dlopen_dlz_create() fails, cd->dbdata
may be NULL when dlopen_dlz_destroy() gets called in the cleanup path
and passing NULL to the cd->dlz_destroy() callback may cause a NULL
dereference.  Ensure that does not happen by checking whether cd->dbdata
is non-NULL before calling the cd->dlz_destroy() callback.
2020-10-28 15:48:58 +01:00
Ondřej Surý
37b9511ce1 Use libuv's shared library handling capabilities
While libltdl is a feature-rich library, BIND 9 code only uses its basic
capabilities, which are also provided by libuv and which BIND 9 already
uses for other purposes.  As libuv's cross-platform shared library
handling interface is modeled after the POSIX dlopen() interface,
converting code using the latter to the former is simple.  Replace
libltdl function calls with their libuv counterparts, refactoring the
code as necessary.  Remove all use of libltdl from the BIND 9 source
tree.
2020-10-28 15:48:58 +01:00
Ondřej Surý
e2436159ab Refactor the cleanup code in lt_dl code
The cleanup code that would clean the object after plugin/dlz/dyndb
loading has failed was duplicating the destructor for the object, so
instead of the extra code, we just use the destructor instead.
2020-10-28 15:48:58 +01:00
Ondřej Surý
4e9a58a3e6 Unify lt_dlopen() error handling
Make sure an error gets logged when any lt_dlopen() call in the source
tree fails.  Also make sure that NULL values returned by lt_dlerror()
are replaced with a generic error message to prevent passing NULL as an
argument for the %s format specifier.
2020-10-28 15:48:58 +01:00
Ondřej Surý
0f49b02fc5 Remove redundant lt_dlerror() calls
The redundant lt_dlerror() calls were taken from the examples to clean
any previous errors from lt_dl...() calls.  However upon code
inspection, it was discovered there are no such paths that could cause
the lt_dlerror() to return spurious error messages.
2020-10-28 15:48:58 +01:00
Michal Nowak
e06972eb2f Merge branch 'mnowak/enhanced-test-portability' into 'main'
POSIX compatibility fixes to system test

See merge request isc-projects/bind9!4310
2020-10-27 11:24:10 +00:00
Michal Nowak
c0c4c024c6 Replace a seq invocation with a shell loop
seq is not portable.  Use a while loop instead to make the "dnssec"
system test script POSIX-compatible.
2020-10-27 12:21:53 +01:00
Michal Nowak
481dfb9671 Get rid of bashisms in string comparisons
The double equal sign ('==') is a Bash-specific string comparison
operator.  Ensure the single equal sign ('=') is used in all POSIX shell
scripts in the system test suite in order to retain their portability.
2020-10-27 12:21:07 +01:00
Michal Nowak
ffbfa9582f Merge branch 'mnowak/add-stress-test-to-CI' into 'main'
Add stress test to CI

See merge request isc-projects/bind9!3716
2020-10-26 17:02:37 +00:00
Michal Nowak
39305411e8 Add "stress" tests to GitLab CI
Run "stress" tests for scheduled pipelines and pipelines created for
tags.  These tests were previously only performed manually (as part of
pre-release testing of each new BIND version).  Their purpose is to
detect memory leaks and potential performance issues.

As the run time of each "stress" test itself is set to 1 hour, set the
GitLab CI job timeout to 2 hours in order to account for the extra time
needed to set the test up and gather its results.
2020-10-26 18:01:19 +01:00
Michal Nowak
58aca6d9d5 Merge branch 'mnowak/openbsd-fix-gdb-in-system-test' into 'main'
Fix system test backtrace generation on OpenBSD

See merge request isc-projects/bind9!4272
2020-10-26 13:59:07 +00:00
Michal Nowak
f0b13873a3 Fix system test backtrace generation on OpenBSD
On Linux, the core dump contains the absolute path to the crashed binary

    Core was generated by `/home/newman/isc/ws/bind9/bin/named/.libs/lt-named -D glue-ns1 -X named.lock -m'.

However, on OpenBSD there's only a basename

    Core was generated by `named'.

This commit adds support for the latter, retains the former.
2020-10-26 14:58:15 +01:00
Mark Andrews
f8de3df76c Merge branch '2226-tsan-error-in-dispatch-c' into 'main'
Resolve "TSAN error in dispatch.c accessing disp->portentry"

Closes #2226

See merge request isc-projects/bind9!4286
2020-10-23 20:08:43 +00:00
Mark Andrews
5c253c416d Hold qid->lock when calling deref_portentry() as
socket_search() needs portentry to be unchanging.

    WARNING: ThreadSanitizer: data race
    Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M1):
    #0 deref_portentry lib/dns/dispatch.c:630
    #1 deactivate_dispsocket lib/dns/dispatch.c:861
    #2 udp_recv lib/dns/dispatch.c:1105
    #3 udp_exrecv lib/dns/dispatch.c:1028
    #4 dispatch lib/isc/task.c:1152
    #5 run lib/isc/task.c:1344
    #6 <null> <null>

    Previous read of size 8 at 0x000000000001 by thread T2 (mutexes: write M1, write M2):
    #0 socket_search lib/dns/dispatch.c:661
    #1 get_dispsocket lib/dns/dispatch.c:744
    #2 dns_dispatch_addresponse lib/dns/dispatch.c:3120
    #3 resquery_send lib/dns/resolver.c:2467
    #4 fctx_query lib/dns/resolver.c:2217
    #5 fctx_try lib/dns/resolver.c:4245
    #6 fctx_timeout lib/dns/resolver.c:4570
    #7 dispatch lib/isc/task.c:1152
    #8 run lib/isc/task.c:1344
    #9 <null> <null>
2020-10-23 13:49:41 +00:00