| -rw-r--r-- | CHANGES | 11 | ||||
| -rw-r--r-- | lib/dns/resolver.c | 5 | ||||
| -rw-r--r-- | lib/dns/zone.c | 24 | ||||
| -rw-r--r-- | lib/isc/random.c | 2 | ||||
| -rw-r--r-- | version | 2 | 
5 files changed, 35 insertions, 9 deletions
@@ -1,3 +1,14 @@
+	--- 9.6-ESV-R7-P2 released ---
+
+3346.	[security]	Bad-cache data could be used before it was
+			initialized, causing an assert. [RT #30025]
+
+3343.   [bug]		Relax isc_random_jitter() REQUIRE tests. [RT #29821]
+
+3342.	[bug]		Change #3314 broke saving of stub zones to disk
+			resulting in excessive cpu usage in some cases.
+			[RT #29952]
+
 	--- 9.6-ESV-R7-P1 released ---
 3331.	[security]	dns_rdataslab_fromrdataset could produce bad
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 632cfb4a7abf..e56dbbd6b813 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -8124,6 +8124,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 			goto cleanup;
 		bad->type = type;
 		bad->hashval = hashval;
+		bad->expire = *expire;
 		isc_buffer_init(&buffer, bad + 1, name->length);
 		dns_name_init(&bad->name, NULL);
 		dns_name_copy(name, &bad->name, &buffer);
@@ -8135,8 +8136,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
 		if (resolver->badcount < resolver->badhash * 2 &&
 		    resolver->badhash > DNS_BADCACHE_SIZE)
 			resizehash(resolver, &now, ISC_FALSE);
-	}
-	bad->expire = *expire;
+	} else
+		bad->expire = *expire;
  cleanup:
 	UNLOCK(&resolver->lock);
 }
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 329fbef31924..c0f57340ab52 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6054,6 +6054,7 @@ zone_maintenance(dns_zone_t *zone) {
 	switch (zone->type) {
 	case dns_zone_master:
 	case dns_zone_slave:
+	case dns_zone_stub:
 		LOCK_ZONE(zone);
 		if (zone->masterfile != NULL &&
 		    isc_time_compare(&now, &zone->dumptime) >= 0 &&
@@ -6395,7 +6396,7 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) {
 		goto fail;
 	}
-	if (compact) {
+	if (compact && zone->type != dns_zone_stub) {
 		dns_zone_t *dummy = NULL;
 		LOCK_ZONE(zone);
 		zone_iattach(zone, &dummy);
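Review bot: The `bad->expire = *expire;` added in the first dns_resolver_addbadcache hunk has no comment explaining why it must sit with the other field initialisations, and that ordering is the whole security fix. The CHANGES entry describes bad-cache data being used before it was initialised, and the second hunk shows `resizehash(resolver, &now, ISC_FALSE)` running ahead of the old assignment; presumably it compares each entry's expiry with `now`. I would put `/* Initialise every field before the entry can be examined; resizehash() below may read bad->expire. */` above the assignments, so a field added later is not set after that point. The allocation of `bad` is outside the hunk, so whether the memory starts zeroed cannot be confirmed from here.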
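Review bot: The `} else` added in the second dns_resolver_addbadcache hunk has an unbraced body directly above the `cleanup:` label, while the arm it pairs with is braced. Writing it as `} else {`, `bad->expire = *expire;`, `}` keeps the two arms symmetric and stops a statement added later from falling outside the else and running on the freshly allocated path too. A comment such as `/* Existing entry: only refresh its expiry. */` would also help; that reading is inferred, because the matching `if` is outside the hunk.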
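Review bot: The new `zone->type != dns_zone_stub` test in the zone_dump hunk carries no comment saying why stub zones skip the `compact` branch, so the condition looks arbitrary next to the zone_maintenance hunk, which now lets stub zones reach the dump path. A line above the `if` such as `/* Stub zones are dumped but never take the compact path; see change 3342 [RT #29952]. */` would tie it to the CHANGES entry. The rest of the branch and of zone_dump is outside the hunk.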
@@ -7251,7 +7252,7 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
 	dns_zone_t *zone = NULL;
 	char master[ISC_SOCKADDR_FORMATSIZE];
 	char source[ISC_SOCKADDR_FORMATSIZE];
-	isc_uint32_t nscnt, cnamecnt;
+	isc_uint32_t nscnt, cnamecnt, refresh, retry, expire;
 	isc_result_t result;
 	isc_time_t now;
 	isc_boolean_t exiting = ISC_FALSE;
@@ -7399,19 +7400,32 @@ stub_callback(isc_task_t *task, isc_event_t *event) {
 	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write);
 	if (zone->db == NULL)
 		zone_attachdb(zone, stub->db);
+	result = zone_get_from_db(zone, zone->db, NULL, NULL, NULL, &refresh,
+				  &retry, &expire, NULL, NULL);
+	if (result == ISC_R_SUCCESS) {
+		zone->refresh = RANGE(refresh, zone->minrefresh,
+				      zone->maxrefresh);
+		zone->retry = RANGE(retry, zone->minretry, zone->maxretry);
+		zone->expire = RANGE(expire, zone->refresh + zone->retry,
+				     DNS_MAX_EXPIRE);
+		DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_HAVETIMERS);
+	}
 	ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write);
 	dns_db_detach(&stub->db);
-	if (zone->masterfile != NULL)
-		zone_needdump(zone, 0);
-
 	dns_message_destroy(&msg);
 	isc_event_free(&event);
 	dns_request_destroy(&zone->request);
+
 	DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_REFRESH);
+	DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED);
 	DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
 	isc_interval_set(&i, zone->expire, 0);
 	DNS_ZONE_TIME_ADD(&now, zone->expire, &zone->expiretime);
+
+	if (zone->masterfile != NULL)
+		zone_needdump(zone, 0);
+
 	zone_settimer(zone, &now);
 	goto free_stub;
diff --git a/lib/isc/random.c b/lib/isc/random.c
index 37c56198c4c6..d49a5d74ed4b 100644
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -103,7 +103,7 @@ isc_uint32_t
 isc_random_jitter(isc_uint32_t max, isc_uint32_t jitter) {
 	isc_uint32_t rnd;
-	REQUIRE(jitter < max);
+	REQUIRE(jitter < max || (jitter == 0 && max == 0));
 	if (jitter == 0)
 		return (max);
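Review bot: A failing `zone_get_from_db()` in the second stub_callback hunk is dropped without a log line, yet the code below still sets DNS_ZONEFLG_LOADED and derives refreshtime and expiretime from whatever `zone->refresh` and `zone->expire` held before. These values presumably come from the SOA the master returned, so an operator should be told when they could not be read. An else arm such as `else dns_zone_log(zone, ISC_LOG_WARNING, "stub: unable to read SOA timers: %s", dns_result_totext(result));` would make that visible. Separately, the lower bound `zone->refresh + zone->retry` is an isc_uint32_t sum; it is worth confirming that the configured maxima keep it below DNS_MAX_EXPIRE, since RANGE's behaviour when the minimum exceeds the maximum is not shown here. stub_callback begins and ends outside the hunk.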
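Review bot: The relaxed `REQUIRE(jitter < max || (jitter == 0 && max == 0))` in isc_random_jitter changes the function's precondition, but no comment records the new contract. A line above it such as `/* max == 0 is accepted only with jitter == 0; that case returns 0 through the jitter == 0 branch below. */` would tell callers what is allowed. The header documentation for isc_random_jitter is not part of this diff and should say the same. The rest of the function is outside the hunk, so how `rnd` is used with `jitter` cannot be checked here.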
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=6
 PATCHVER=
 RELEASETYPE=-ESV
-RELEASEVER=-R7-P1
+RELEASEVER=-R7-P2  |
